Re: CAPTCHA system in webDNA

This WebDNA talk-list message is from

2005

It keeps the original formatting. numero = 60817
interpreted = N
texte = > Here is the random password-generator code, currently in use at SearchBoise.com, which I based >largely on code I got on the list from Brian Fries:Um, I based the pass-gen code on Brian's code...I did not base SearchBoise.com on Brian's code, in case anyone misunderstood my poorly-constructed sentence. :)-DanOn Wed, 19 Jan 2005 17:03:05 -0800 "Dan Strong" wrote:> Bill,> > Here is the random password-generator code, currently in use at SearchBoise.com, which I based >largely on code I got on the list from Brian Fries:> -----------------------------------> [text]tPasswordLength=8[/text]> [text]tChars=abcdefghijkmpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWXYZ23456789[/text]> [text]tMax=[countchars][tChars][/countchars][/text]> [text]tPass=[/text]> [loop start=1&end=[tPasswordLength]]> [text]tX=[math]ceil([random format=float]*[tMax])[/math][/text]> [text]tPass=[tPass][getchars start=[tX]&end=[tX]][tChars][/getchars][/text]> [/loop]> [tPass]> -----------------------------------> > You can change [PasswordLength] to whatever you need, so if you wanted to generate a 128 >character key, for instance, change it to 128.> > Also, for my purposes, I removed any characters that would be 'confusing' (e.g. 1 & l, O &0), >but you can have whatever characters you like in the [tChars] variable.> > Go to http://www.SearchBoise.com/ip.html to see a sample of this code in action (refresh the >page to change it).> > -Dan> > > > > > > > On Wed, 19 Jan 2005 15:56:25 -0500> devaulw@onebox.com wrote:>> Here's my thinking on this:>> >> The idea I had was to send the link you suggest with an unsubscribe request email but provide a >>verification page that requires the image to be input. The method Ken proposed would permit the >>request and then allow automated unsubscribe attempts. Not a bad proposal if the brute force >>attempts go to waste. Here's how I think I'll deter the brute force attempts. I can permit only >>a few attempts before >>sending another email. At least then a user knows their subscription is being hacked. "If you >>did not request this, please let us know. Someone may be trying to unsubscribe your email >>account." I can be copied on these emails. I can also make a key (Ken used a cart but Dan >>proposed a password generator that could be >>stronger) that makes the attempts not worth a brute force attack. Dan, can you share that >>password generating code? If all this fails, I can implement the CAPTCHA for when I detect >>failed attempts that resemble a >>bot/brute force attack. I still may use CAPTCHA for "email this page to a friend" so I need to >>pursue this idea further. Thanks everyone for your ideas in implementing some security on my >>CAN-SPAM compliance.>> >> Regards,>> Bill>> >> -----Original Message----->>From: Kenneth Grome >> Sent: Thu, 20 Jan 2005 00:12:48 +0800>> To: "WebDNA Talk" >> Subject: Re: CAPTCHA system in webDNA>> >> You're trying to prevent automatic email deletion from an opt-in mailing list?>> >> I wouldn't mess with the system you're suggesting at all. Instead when the visitor enters his >>(or someone else's) email address into the email field in your unsubscribe form, I would enter a >>unique value into the 'unsubscribe' field of his database record:>> >> [replace db=subscribers.db&eqemaildatarq=[email]]unsubscribe=[cart][/replace]>> >> .. and then in the same template I would send the visitor an email message with a URL that has >>that same unique value in it, like this:>> >> >> ************************************>> "Someone entered your email address into the>> UNSUBSCRIBE page on our web site. If that person>> was you, and if you really want to unsubscribe, just>> click this link and we will unsubscribe you immediately:">> >> http://domain.com/page.html?out=[cart]>> >> "But if you do NOT want to unsubscribe from our list,>> please just ignore this message, thanks.">> ************************************>> >> >> The person who receives this email message may (or may not ) click that link. If he clicks the >>link, your webdna code simply deletes the only record in the subscribers database that has that >>unique 'out' value in the unsubscribe field:>> >> [delete db=subscribers.db&equnsubscribedatarq=[out]]>> >> Simple and efficient, and no images or other non-webdna tricks required.>> >> :)>> >> Sincerely,>> Kenneth Grome>> www.kengrome.com>> >> >> ------------------------------------------------------------->> This message is sent to you because you are subscribed to>> the mailing list .>> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> Web Archive of this list is at: http://webdna.smithmicro.com/> > > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

Re: CAPTCHA system in webDNA ( Justin Carroll 2005) Re: CAPTCHA system in webDNA ( Kenneth Grome 2005) Re: CAPTCHA system in webDNA ( "Dan Strong" 2005) Re: CAPTCHA system in webDNA ( "Dan Strong" 2005) Re: CAPTCHA system in webDNA ( devaulw@onebox.com 2005) Re: CAPTCHA system in webDNA ( Kenneth Grome 2005) Re: CAPTCHA system in webDNA ( "Dan Strong" 2005) Re: CAPTCHA system in webDNA ( devaulw@onebox.com 2005) Re: CAPTCHA system in webDNA ( Kenneth Grome 2005) Re: CAPTCHA system in webDNA ( "Dan Strong" 2005) Re: CAPTCHA system in webDNA ( Justin Carroll 2005) Re: CAPTCHA system in webDNA ( Clint Davis 2005) Re: CAPTCHA system in webDNA ( Kenneth Grome 2005) Re: CAPTCHA system in webDNA ( "Dan Strong" 2005) Re: CAPTCHA system in webDNA ( Justin Carroll 2005) CAPTCHA system in webDNA ( devaulw@onebox.com 2005)

> Here is the random password-generator code, currently in use at SearchBoise.com, which I based >largely on code I got on the list from Brian Fries:Um, I based the pass-gen code on Brian's code...I did not base SearchBoise.com on Brian's code, in case anyone misunderstood my poorly-constructed sentence. :)-DanOn Wed, 19 Jan 2005 17:03:05 -0800 "Dan Strong" wrote:> Bill,> > Here is the random password-generator code, currently in use at SearchBoise.com, which I based >largely on code I got on the list from Brian Fries:> -----------------------------------> [text]tPasswordLength=8[/text]> [text]tChars=abcdefghijkmpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWXYZ23456789[/text]> [text]tMax=[countchars][tChars][/countchars][/text]> [text]tPass=[/text]> [loop start=1&end=[tPasswordLength]]> [text]tX=[math]ceil([random format=float]*[tMax])[/math][/text]> [text]tPass=[tPass][getchars start=[tX]&end=[tX]][tChars][/getchars][/text]> [/loop]> [tPass]> -----------------------------------> > You can change [PasswordLength] to whatever you need, so if you wanted to generate a 128 >character key, for instance, change it to 128.> > Also, for my purposes, I removed any characters that would be 'confusing' (e.g. 1 & l, O &0), >but you can have whatever characters you like in the [tChars] variable.> > Go to http://www.SearchBoise.com/ip.html to see a sample of this code in action (refresh the >page to change it).> > -Dan> > > > > > > > On Wed, 19 Jan 2005 15:56:25 -0500> devaulw@onebox.com wrote:>> Here's my thinking on this:>> >> The idea I had was to send the link you suggest with an unsubscribe request email but provide a >>verification page that requires the image to be input. The method Ken proposed would permit the >>request and then allow automated unsubscribe attempts. Not a bad proposal if the brute force >>attempts go to waste. Here's how I think I'll deter the brute force attempts. I can permit only >>a few attempts before >>sending another email. At least then a user knows their subscription is being hacked. "If you >>did not request this, please let us know. Someone may be trying to unsubscribe your email >>account." I can be copied on these emails. I can also make a key (Ken used a cart but Dan >>proposed a password generator that could be >>stronger) that makes the attempts not worth a brute force attack. Dan, can you share that >>password generating code? If all this fails, I can implement the CAPTCHA for when I detect >>failed attempts that resemble a >>bot/brute force attack. I still may use CAPTCHA for "email this page to a friend" so I need to >>pursue this idea further. Thanks everyone for your ideas in implementing some security on my >>CAN-SPAM compliance.>> >> Regards,>> Bill>> >> -----Original Message----->>From: Kenneth Grome >> Sent: Thu, 20 Jan 2005 00:12:48 +0800>> To: "WebDNA Talk" >> Subject: Re: CAPTCHA system in webDNA>> >> You're trying to prevent automatic email deletion from an opt-in mailing list?>> >> I wouldn't mess with the system you're suggesting at all. Instead when the visitor enters his >>(or someone else's) email address into the email field in your unsubscribe form, I would enter a >>unique value into the 'unsubscribe' field of his database record:>> >> [replace db=subscribers.db&eqemaildatarq=[email]]unsubscribe=[cart][/replace]>> >> .. and then in the same template I would send the visitor an email message with a URL that has >>that same unique value in it, like this:>> >> >> ************************************>> "Someone entered your email address into the>> UNSUBSCRIBE page on our web site. If that person>> was you, and if you really want to unsubscribe, just>> click this link and we will unsubscribe you immediately:">> >> http://domain.com/page.html?out=[cart]>> >> "But if you do NOT want to unsubscribe from our list,>> please just ignore this message, thanks.">> ************************************>> >> >> The person who receives this email message may (or may not ) click that link. If he clicks the >>link, your webdna code simply deletes the only record in the subscribers database that has that >>unique 'out' value in the unsubscribe field:>> >> [delete db=subscribers.db&equnsubscribedatarq=[out]]>> >> Simple and efficient, and no images or other non-webdna tricks required.>> >> :)>> >> Sincerely,>> Kenneth Grome>> www.kengrome.com>> >> >> ------------------------------------------------------------->> This message is sent to you because you are subscribed to>> the mailing list .>> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> Web Archive of this list is at: http://webdna.smithmicro.com/> > > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ "Dan Strong"

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Problem (1997) Converting Quotes in Javascript (2001) emailer (1997) ooops...WebCatalog [FoundItems] Problem - LONG - (1997) Hiding my Source Code with W* (2000) test (2002) OT: Poll Results (2002) WebCatalog/Mac 2.1b2 - PIXO (1997) Undeliverable Mail (1997) Need help with emailer- 2 issues (1997) Download Question (1997) Using [showif] (2000) won't serve .tpl (2000) [WebDNA] WebDNA 8.6 announced - New features (2018) RE: CloseDatabase (1997) [TaxableTotal] - not working with AOL and IE (1997) Sorting problem (1997) [include ...] behavior (1997) Help name our technology! (1997) WebCat2b13MacPlugIn - [showif][search][/showif] (1997)