[nycphp-talk] capricious submission of forms
Anirudh Zala
arzala at gmail.com
Sun Feb 11 22:57:24 EST 2007
On Sunday 11 February 2007 20:37, Peter Sawczynec wrote:
> The use of the captcha technique has become a type of industry standard.
"Industry standard" is a very important thing to be considered. Basically one
would not use non-industry standards too much. However certain changes are
allowed. Certain captchas can be like small question-answers, i.e. (5 + 5 - 7
= ?). These questions should not be so complex that they require a lot of
thinking or calculation at the user's end :). Just simple questions like this
are enough. You can create a standard 100 questions like this and use them
randomly. And then there are other captchas suggested by Tedd.

For e-mail validations etc. I recommend "check your mail box and click the link
mentioned in the email" because even if online validation could work properly,
it doesn't guarantee that the email address filled in by the user really
belongs to him/her no matter whether it is correct or not. However a
combination of both techniques is also good, where first you try to check
whether the input email address exists or not. If not, then alert the user from
there, with no need to send a confirmation email. But if it exists, then send
the confirmation email.

Still, sending only a confirmation email is the best technique, but online
validation is helpful, especially where you need to check whether any given
email address is real or not.

Anirudh Zala
(30% of Internet traffic
is wasted by unnecessary
tabs and spaces.)
>
> I have found customers to quickly recognize and endorse this technique.
> The Pro PHP Security guidebook offers an elegant deployment of this
> solution.
> Plus, I thought, that email validation(s) by any technique is fraught with
> delays, failures and spoofing, likely making it too unreliable to use at this
> potentially important new customer juncture.
>
> Warmest regards,
>
> Peter Sawczynec
> Technology Dir.
> Sun-code.com
> Web related services
> 646.316.3678
> ps at sun-code.com
>
>
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> On Behalf Of Jiju Thomas Mathew
> Sent: Sunday, February 11, 2007 8:35 AM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] capricious submission of forms
>
>>
> Does anyone have any suggestions other than captcha.
>
> I do think partial use of email address validations using SMTP connect
> would restrict a lot of these bogus mail subscriptions. You should find
> a neat article here http://www.zend.com/zend/spotlight/ev12apr.php
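
The two checks described in this message, as an added PHP example that is not part of the original thread: a randomly generated arithmetic question whose answer stays on the server and is accepted only once, and a signed, expiring token for the "click the link in the email" step. The function names, the `$store` array standing in for `$_SESSION`, the demo secret and the HMAC token format are assumptions.

```php
<?php
// Added example (PHP 7+). Function names and token format are hypothetical;
// $store stands in for $_SESSION.
// Issue a small arithmetic question; the answer is kept server-side only.
function issue_challenge(array &$store): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $c = random_int(0, $a + $b);            // result is never negative
    $store['captcha_answer'] = $a + $b - $c;
    return "$a + $b - $c = ?";
}

// Single-use check: the stored answer is discarded on every attempt, so a
// solved challenge cannot be replayed and a wrong guess forces a new question.
function check_challenge(array &$store, string $submitted): bool
{
    if (!isset($store['captcha_answer'])) {
        return false;
    }
    $expected = (string) $store['captcha_answer'];
    unset($store['captcha_answer']);
    return hash_equals($expected, trim($submitted));
}

// Token for the emailed confirmation link: expiry time plus an HMAC binding
// that expiry to the address under a server-side secret.
function make_confirm_token(string $email, string $secret, int $expires): string
{
    return $expires . '.' . hash_hmac('sha256', $email . '|' . $expires, $secret);
}

function verify_confirm_token(string $email, string $token, string $secret, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || (int) $parts[0] < $now) {
        return false;                        // malformed or expired
    }
    return hash_equals(make_confirm_token($email, $secret, (int) $parts[0]), $token);
}

// Constructed demo values.
$session = [];
echo issue_challenge($session), "\n";
var_dump(check_challenge($session, (string) $session['captcha_answer'])); // first use
var_dump(check_challenge($session, '3'));                                 // replay
$token = make_confirm_token('user@example.com', 'demo-secret', time() + 3600);
var_dump(verify_confirm_token('user@example.com', $token, 'demo-secret', time()));
var_dump(verify_confirm_token('other@example.com', $token, 'demo-secret', time()));
```

The token proves only that whoever clicked the link received mail at that address, which is the property the message above asks of the confirmation step.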