Captcha Alternative, how secure?


Problem description

I do the web page for my local library, and I was thinking it might be kind of appealing to have a "custom" captcha based on book covers. So serve up one of several dozen book covers, and have the patron filling out the form type the book title to prove they're human. Assuming I stripped the title/author info from the image and filename, would that be enough? Would the fact that it was a unique system on a fairly small website be enough to make it effective? Just how tricky are the spam bots these days? Would having the image name be the ISBN # be too obvious?

Here is a sample cover:


(source: mfrl.org)

Solution

You need to make it difficult for an OCR system to read the text. Otherwise the spam bot will easily get through your captcha, without any customisation from a human spammer.

That's why you see funny XORing, noise and distortion on most captchas these days.

As a matter of principle, it makes sense to NOT base the image name on something that can be looked up, although in the case of a local library, chances are low that any spammers will be writing custom scripts to defeat your captcha...
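
The filename point from the answer, as an added example that is not part of the original post: the image URL carries a random single-use token, and the ISBN and title stay on the server. The catalogue entries, `ChallengeStore`, `normalize` and the 300-second lifetime are constructed assumptions, and the sketch does not address the OCR concern raised above.

```python
import hmac
import secrets
import time
import unicodedata

# Constructed sample catalogue: ISBN -> title. Neither value is sent to the client.
COVERS = {
    "9780000000001": "The Example Garden",
    "9780000000002": "A Constructed Tale",
}
TTL_SECONDS = 300  # assumed challenge lifetime


def normalize(title):
    """Case-fold, drop punctuation and collapse whitespace before comparing."""
    text = unicodedata.normalize("NFKC", title).casefold()
    kept = "".join(ch if ch.isalnum() or ch.isspace() else " " for ch in text)
    return " ".join(kept.split())


class ChallengeStore:
    def __init__(self, covers, now=time.time):
        self._covers = covers
        self._now = now
        self._pending = {}  # token -> (isbn, expiry timestamp)

    def issue(self):
        """Pick a cover and return an opaque token to use in the image URL."""
        isbn = secrets.choice(list(self._covers))
        token = secrets.token_urlsafe(16)
        self._pending[token] = (isbn, self._now() + TTL_SECONDS)
        return token

    def image_for(self, token):
        """Resolve a token to the cover to stream; None if unknown or expired."""
        entry = self._pending.get(token)
        if entry is None or self._now() > entry[1]:
            return None
        return entry[0]

    def verify(self, token, answer):
        """Single-use check: the token is consumed whether or not it matches."""
        entry = self._pending.pop(token, None)
        if entry is None or self._now() > entry[1]:
            return False
        expected = normalize(self._covers[entry[0]])
        return hmac.compare_digest(expected.encode(), normalize(answer).encode())
```

Because `verify` consumes the token on every attempt, a wrong guess forces a fresh challenge instead of allowing repeated guesses against the same cover.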
