[nycphp-talk] capricious submission of forms

Anirudh Zala arzala at gmail.com
Sun Feb 11 22:57:24 EST 2007


On Sunday 11 February 2007 20:37, Peter Sawczynec wrote:
> The use of the captcha technique has become a type of industry standard.

"Industry standard" is a very important thing to be considered. Basically one 
would not use non-industry standards too much. However, certain changes are 
allowed. Certain captchas can be like small question-answers, i.e. (5 + 5 - 7 
= ?). These questions should not be so complex that they require a lot of 
thinking or calculation at the user's end :). Just simple questions like this are 
enough. You can create a standard 100 questions like this and use them 
randomly. And then there are other captchas suggested by Tedd.

For e-mail validations etc. I recommend "check your mail box and click the link 
mentioned in the email" because even if online validation could work properly, it 
doesn't guarantee that the email address filled in by the user really belongs to 
him/her, no matter whether it is correct or not. However, a combination of both 
techniques is also good, where first you try to check whether the input email 
address exists or not. If not, then alert the user from there, with no need to send 
a confirmation email. But if it exists, then send a confirmation email.

Still, sending only a confirmation email is the best technique, but online validation 
is helpful especially where you need to check whether any given email address 
is real or not.

Anirudh Zala

(30% of Internet traffic 
is wasted by unnecessary 
tabs and spaces.)

>
> I have found customers to quickly recognize and endorse this technique.
> The Pro PHP Security guidebook offers an elegant deployment of this
> solution.
> Plus, I thought, that email validation(s) by any technique is fraught
> with delays, failures and spoofing, likely making it too unreliable to
> use at this potentially important new customer juncture.
>
> Warmest regards,
>
> Peter Sawczynec
> Technology Dir.
> Sun-code.com
> Web related services
> 646.316.3678
> ps at sun-code.com
>
>
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> On Behalf Of Jiju Thomas Mathew
> Sent: Sunday, February 11, 2007 8:35 AM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] capricious submission of forms
>
>>
> Does anyone have any suggestions other than captcha.
>
> I do think partial use of email address validations using SMTP connect
> would restrict a lot of these bogus mail subscriptions. You should find
> a neat article here http://www.zend.com/zend/spotlight/ev12apr.php

-- 
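
The "check your mail box and click the link" confirmation recommended in the message above, sketched as an added example that is not part of the original thread or of any poster's code. The function names, the example.com URL and the 24-hour link lifetime are assumptions; the link is signed with an HMAC so the site can verify a click without storing per-link state.

```php
<?php
// Added example: stateless, signed confirmation link (all names hypothetical).
const CONFIRM_TTL = 86400; // assumed link lifetime: 24 hours

// HMAC over expiry and address; only the holder of $secret can produce it.
function confirmSig(string $email, int $expires, string $secret): string
{
    return hash_hmac('sha256', $expires . "\n" . $email, $secret);
}

// Build the link that goes into the confirmation e-mail.
function makeConfirmLink(string $baseUrl, string $email, string $secret, int $now): string
{
    $email   = strtolower(trim($email));
    $expires = $now + CONFIRM_TTL;
    return $baseUrl . '?' . http_build_query([
        'e' => $email,
        'x' => (string) $expires,
        's' => confirmSig($email, $expires, $secret),
    ]);
}

// Returns the confirmed address, or null if the link is forged, altered or expired.
function verifyConfirmLink(array $query, string $secret, int $now): ?string
{
    $email   = $query['e'] ?? null;
    $expires = $query['x'] ?? null;
    $sig     = $query['s'] ?? null;
    if (!is_string($email) || !is_string($expires) || !is_string($sig) || !ctype_digit($expires)) {
        return null;
    }
    // hash_equals() compares in constant time, so the check leaks no timing hints.
    if (!hash_equals(confirmSig($email, (int) $expires, $secret), $sig)) {
        return null;
    }
    return $now <= (int) $expires ? $email : null;
}

// Constructed sample run; a real site loads a fixed secret from its configuration.
$secret = random_bytes(32);
$now    = time();
$link   = makeConfirmLink('https://example.com/confirm.php', 'New.User@Example.com', $secret, $now);
parse_str(parse_url($link, PHP_URL_QUERY), $query);

var_dump(verifyConfirmLink($query, $secret, $now + 3600));             // valid click
var_dump(verifyConfirmLink(['e' => 'x@example.com'] + $query, $secret, $now)); // address swapped
var_dump(verifyConfirmLink($query, $secret, $now + CONFIRM_TTL + 1));  // expired
```

The signature only shows that the site issued the link; it is the click from the mailbox that shows the address belongs to the person who signed up.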


