jQuery Qaptcha：你认为这个Captcha系统很容易被破解吗？ [英] jQuery Qaptcha : do you think that this Captcha System is easily hackable?

问题描述

http://www.myjqueryplugins.com/QapTcha/demo

这个插件看起来如此用户友好

我担心一旦它变得流行它很容易被黑客攻击。

This plugin looks so user friendly
I'm afraid that once it gets popular it gets easily hackable.

你同意吗？

推荐答案

验证码是滑块的一部分吗？如果是的话，绕过它将是微不足道的。

Is the captcha the slider part? If so yes, it would be trivial to bypass.

当您将滑块一直向右滑动时，它只是从隐藏的表单字段iQpatcha中删除一些任意值。 。当你点击提交时（与表格的其余部分）捆绑在一起，邮寄到服务器。

When you slide the slider all the way to the right it simply removes some arbitary values from a hidden form field "iQpatcha". When you click submit this (with the rest of the form) gets bundled up an POSTed to the server.

任何人都会有能够捕获有效回复的fiddler空的iQpatcha字段）并用不同的表单值重放它。

Anyone will fiddler will be able to capture a valid response (with empty iQpatcha field) and replay it with different form values.

验证码的唯一安全形式是在服务器上完全处理的形式，生成图像（在服务器）和POSTed值检查服务器端以查看它是否匹配。我个人可以推荐 reCaptcha ，许多知名网站都会使用它。

The only secure forms of captcha are those that are dealt with completely on the server, an image is generated (on the server) and the POSTed value checked server side to see if it matches. I can personally recommend reCaptcha and lots of high profile sites use it.

这篇关于jQuery Qaptcha：你认为这个Captcha系统很容易被破解吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！