comp.lang.ruby

[ANN] flatulent-0.0.2 - ajax gets stinky

ara.t.howard

7/4/2007 9:54:00 PM


NAME

flatulent : CAPTCHA for FIGLET.

SYNOPSIS

the flatulent gem provides brain dead simple to use, but internally cunning,
ascii art captcha for ruby.

URI

http://codeforpeople.co...
http://rubyforge.org/projects/cod...

HOW DO I GET FLATULENT?

gem install flatulent

HISTORY

0.0.2

- ajax gets stinky: Flatulent.ajax! the result of this new addition is
  that the captcha itself doesn't appear in the source file at all

- blowfish encoding for timebomb and captcha fields

- auto server key configuration using hostname and mac address

- improved noise algorithm

- improved character placement (chars shared edges to make ocr'ing harder)

0.0.1

- initial version

RAILS EXAMPLES

REGULAR METHOD (LESS SECURE):

  def controller_action
    # validate the captcha fields once the form has been posted back
    if params.has_key? 'flatulent'
      Flatulent.validate! params
    end

    render :inline => <<-html
      <html><body>
      #{ Flatulent.form }
      </body></html>
    html
  end

AJAX METHOD (MORE SECURE):

  def controller_action
    # validate the captcha fields once the form has been posted back
    if params.has_key? 'flatulent'
      Flatulent.validate! params
    end

    render :inline => <<-html
      <html>
        <head> <%= javascript_include_tag 'prototype' %> </head>
        <body>
          <form action='./' method='post'>
            <%= Flatulent.ajax %>
            <input type='submit' name='submit' value='submit' />
          </form>
        </body>
      </html>
    html
  end

DOCS

see source in ./lib/*
see the example rails project in ./rails

ONLINE SAMPLES

http://drawohara.tumblr.com/po...

ONLINE DEMO OF AJAX METHOD

http://fortytwo.merseine.nu:3000/flat... -- try to break it!



enjoy.

-a
--
we can deny everything, except that we have the possibility of being
better. simply reflect on that.
h.h. the 14th dalai lama




9 Answers

ara.t.howard

7/4/2007 10:51:00 PM


On Jul 4, 2007, at 4:38 PM, list. rb wrote:

> very nice! Thanks Ara


with brian's help it may be useful yet!

cheers.


-a

Chris Carter

7/5/2007 12:30:00 AM

On 7/4/07, ara.t.howard <ara.t.howard@gmail.com> wrote:
>
> NAME
>
> flatulent : CAPTCHA for FIGLET.
>
> ONLINE DEMO OF AJAX METHOD
>
> http://fortytwo.merseine.nu:3000/flat... -- try to break it!

Ara, if you try to answer in caps (as it is presented) it will fail,
this seems kinda wacky, seeing as most _users_ I know will try to
answer in the same case as it is presented. Perhaps it should be
case-insensitive, or you could branch out and do lowercase letters
too.

--
Chris Carter
concentrationstudios.com
brynmawrcs.com

John Joyce

7/5/2007 1:03:00 AM


On Jul 4, 2007, at 7:29 PM, Chris Carter wrote:

> On 7/4/07, ara.t.howard <ara.t.howard@gmail.com> wrote:
>>
>> NAME
>>
>> flatulent : CAPTCHA for FIGLET.
>>
>> ONLINE DEMO OF AJAX METHOD
>>
>> http://fortytwo.merseine.nu:3000/flat... -- try to
>> break it!
>
> Ara, if you try to answer in caps (as it is presented) it will fail,
> this seems kinda wacky, seeing as most _users_ I know will try to
> answer in the same case as it is presented. Perhaps it should be
> case-insensitive, or you could branch out and do lowercase letters
> too.
>
> --
> Chris Carter
> concentrationstudios.com
> brynmawrcs.com
>
case sensitive would be sweet!

ara.t.howard

7/5/2007 2:57:00 AM


On Jul 4, 2007, at 6:29 PM, Chris Carter wrote:

> Ara, if you try to answer in caps (as it is presented) it will fail,
> this seems kinda wacky, seeing as most _users_ I know will try to
> answer in the same case as it is presented. Perhaps it should be
> case-insensitive, or you could branch out and do lowercase letters
> too.


a bug!

thanks - i'll fix

fyi. it's supposed to be both case insensitive and counts o O and
0 as the same char as they look the same in figlet.

cheers.


-a

ara.t.howard

7/5/2007 2:58:00 AM


On Jul 4, 2007, at 7:03 PM, John Joyce wrote:

> case sensitive would be sweet!

you think? better than insensitive? it's easy to do of course...

??

-a

Peña, Botp

7/5/2007 3:16:00 AM

From: ara.t.howard [mailto:ara.t.howard@gmail.com]
# On Jul 4, 2007, at 7:03 PM, John Joyce wrote:
# > case sensitive would be sweet!
# you think? better than insensitive? it's easy to do of course...

practically case sensitive but the ff

0==o==O (zero and oh's)
1==l (one and el)
2==z==Z (two and z's)
5==s==S (5 and s's)

kind regards -botp

ara.t.howard

7/5/2007 4:00:00 AM


On Jul 4, 2007, at 9:16 PM, Peña, Botp wrote:

> practically case sensitive but the ff
>
> 0==o==O (zero and oh's)
> 1==l (one and el)
> 2==z==Z (two and z's)
> 5==s==S (5 and s's)

done!

version 0.0.3 out soon... MUCH harder for bots.

-a
--
we can deny everything, except that we have the possibility of being
better. simply reflect on that.
h.h. the 14th dalai lama
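
The matching rule settled in the replies above (case sensitive except for 0/o/O, 1/l, 2/z/Z and 5/s/S), combined with an encrypted answer-plus-expiry field in the spirit of the "timebomb and captcha fields" from the announcement, as an added Ruby example that is not part of the thread and not flatulent's own code. It assumes AES-256-GCM in place of Blowfish and a random server key; `SERVER_KEY`, `CONFUSABLE`, `normalize`, `seal` and `check` are hypothetical names.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'
require 'json'

# Assumption: a random 32-byte secret. Host name and MAC address are not
# secret values, so this example does not derive the key from them.
SERVER_KEY = SecureRandom.bytes(32)

# Look-alike classes from the thread: 0/o/O, 1/l, 2/z/Z, 5/s/S.
# All other characters stay case sensitive.
CONFUSABLE = { 'o' => '0', 'O' => '0', 'l' => '1', 'z' => '2',
               'Z' => '2', 's' => '5', 'S' => '5' }.freeze

def normalize(answer)
  answer.to_s.strip.gsub(/[oOlzZsS]/) { |c| CONFUSABLE[c] }
end

# Seal the expected answer and its expiry ("timebomb") into one form field.
def seal(answer, ttl: 300, now: Time.now.to_i, key: SERVER_KEY)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv # 12 bytes for GCM
  payload = JSON.generate('a' => normalize(answer), 'exp' => now + ttl)
  body = cipher.update(payload) + cipher.final
  Base64.urlsafe_encode64(iv + cipher.auth_tag + body)
end

# Returns :ok, :wrong, :expired or :tampered.
def check(token, typed, now: Time.now.to_i, key: SERVER_KEY)
  raw = Base64.urlsafe_decode64(token.to_s)
  return :tampered if raw.bytesize <= 28 # 12-byte IV + 16-byte tag + data
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[12, 16]
  plain = (cipher.update(raw[28..]) + cipher.final).force_encoding('UTF-8')
  data = JSON.parse(plain)
  return :expired if now > data['exp']
  normalize(typed) == data['a'] ? :ok : :wrong
rescue OpenSSL::Cipher::CipherError, ArgumentError, JSON::ParserError
  :tampered
end

token = seal('Ro5Z', now: 1_000) # constructed sample answer and clock
puts check(token, 'R0sz', now: 1_100)
puts check(token, 'r0sz', now: 1_100)
puts check(token, 'R0sz', now: 1_400)
```

Because the token is stateless, the same token and answer are accepted repeatedly until the expiry passes; a server that needs single use has to remember which tokens it has already accepted.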




John Joyce

7/5/2007 5:38:00 AM


On Jul 4, 2007, at 11:52 PM, list. rb wrote:

> There's probably a reason why this isn't used, but, I couldn't help
> but ask.
>
> Instead of asking the user to 'Enter what you see', why don't the
> questions
> vary?
>
> I.e.,
> - enter ONLY the letters [A-Z] you see
> - enter every other character
> - enter the text backwards
> - enter only numbers
> - enter the number of times 'A' has occurred
> - enter the number of vowels
> - enter the RED letters only (assuming there was color in each
> character)
>
> My assumption is that this wouldn't be user friendly? --It would
> definitely
> add to the complexity of cracking I would think..
>
these kinds of questions are a little too simple and logical. It
needs to be more wordy!
also, colors tend to be trouble for accessibility issues. Some people
are color blind.
longer phrases or even a question itself as the captcha are better.
If the question is a captcha and the answer is a word that any human
could answer, even if it means doing a quick google for the answer,
it would be better. Machines can't get that stuff.
question:
(as a captcha)
What is Michael Jackson's brother's last name?

or

If you had 3 hands, how many thumbs would you have?

Todd Benson

7/5/2007 5:53:00 AM

On 7/4/07, list. rb <list.rb@gmail.com> wrote:
> There's probably a reason why this isn't used, but, I couldn't help but ask.
>
> Instead of asking the user to 'Enter what you see', why don't the questions
> vary?

Okay (says I rubbing hands gleefully :). I'm nitpicking and with all
of these you can simply say, well that person shouldn't be using a
computer/be on the internet/speak my language/etc.

> I.e.,
> - enter ONLY the letters [A-Z] you see
My grandfather, being the math guy he is, sees A minus Z with that and
would probably spend more than the allotted seconds trying to see
through that (of course, he could just wait for the next question)
> - enter every other character
Starting with the first? In order? The ascii characters or the
'realized' ones? (I keep thinking of the little play of form and
contour in some art)
> - enter the text backwards
> - enter only numbers
Depending on context I and V and X could be numbers
> - enter the number of times 'A' has occurred
Right-side up or upside-down ... sideways?
> - enter the number of vowels
I can't remember if Y is a vowel ...
> - enter the RED letters only (assuming there was color in each character)
I'm color blind!

> My assumption is that this wouldn't be user friendly? --It would definitely
> add to the complexity of cracking I would think..

It's clear there will continue to exist a give and take with security
vs. usability. We could make all of the captchas riddles like Gollum
holding on to his precious ring :) What keeps going on in my head is
what truly determines whether the 'thing' on the other line is a
machine or not. I see suggestions to use things like tradition,
commonplace, language, acceptable behavior to decide that. Hey, if
that works for your client base, go for it!

So far, I really like Ara's solution because of how simple (on the
outside) and relatively effective it is.

Todd