[nycphp-talk] Captcha/Question
Tom Melendez
tom at supertom.com
Wed Dec 24 17:19:12 EST 2008
On Wed, Dec 24, 2008 at 2:01 PM, Michele Waldman <mmwaldman at nyc.rr.com> wrote:
> I see zencart moved from using a captcha to a security question.
>
Do you know why? (I'm asking, I don't know why either) Do they let
you enable one instead of the other?
>
>
> They only have a finite number of questions like "What is the color of a
> blue sky?"
>
Is it possible to add your own?
>
>
> Can't that be easily gotten around?
>
> You can just read the security question from the page and program the
> response for that question.
>
Well, the answer is per user, so you would have to know their answer
to begin with, right?
>
>
> Thoughts on captchas and security questions?
>
Well, either or both combined shouldn't define your security policy.
For example, if you're running on a shared host, or non-SSL your
"security" is very limited. What are you trying to protect against?
What is your concern?
With that said, I tend to like the multi-step process that involves both.
Tom
http://www.liphp.org
More information about the talk
mailing list