CAPTCHA image verification is one of the worst ideas in the world from a usability point of view: users with poor vision, or who are fatigued, may find a complex CAPTCHA difficult.
The phrase “You what now?” comes to mind.
Here are some alternatives, which are a little more user friendly.
Logic Test
This method essentially asks your users to solve a simple puzzle which a bot will find difficult, or CPU intensive, to solve. In this simplified example, we are going to ask for the colour of the box (or the circle in the box).
Few users will find this test hard
The combination of differentiating between shapes and colours is quite easy for a human to do, but a computer can find this quite difficult. On the other hand though, this is quite work intensive for the programmer and unless you create a wide range of questions, you are a little limited.
View Example
Dummy Fields
In a nutshell, this adds a form field, hidden via CSS, that requests a common piece of information (such as email, or message). If the field has been filled in, you can assume that a bot is being used.
Unfortunately, some modern browsers automatically fill in forms for the user, which is a moderate problem.
View Example
Response Timer
This is another method which does not involve users having to do anything. The theory behind this method is to see how long the user takes to submit the form. If the user takes a short amount of time, they are either superhuman or a bot. This is relatively foolproof, as most bots will instantly submit a form.
View Example
JavaScript Extra
This technique assumes that most bots are unable to use JavaScript, so making JavaScript write a little extra piece of information to the form should stop bots. According to the W3C 95% of users have JavaScript turned on, which is good.
View Example
Akismet
This is one of the best methods of stopping spam. Essentially, Akismet compares what your user has posted with other content posted all over the internet. For me, it’s never missed any piece of spam.
Conclusion
Is there a single alternative to do it all? No, but with a combination of all the methods we can reduce the overall amount of spam. In the next example I’ve combined all the above methods (minus Akismet) into a single file which assesses whether a user is human on a point system (3 out of 4 will assume human). Feel free to copy it.
View Example | View Class File
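The point system described above, sketched as an added example (this is not the post's class file). The field names, the secret, the 3-second threshold and the signed-timestamp approach to the response timer are assumptions made for illustration.

```php
<?php
// Added example: one point per passed check, 3 out of 4 is treated as human.
const FORM_SECRET = 'replace-with-a-random-server-side-secret'; // placeholder
const MIN_SECONDS = 3; // assumed minimum time a person needs to fill the form

// Read a POST field as a string; arrays and missing keys become ''.
function field(array $post, string $name): string {
    $v = $post[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Call when rendering the form; embed both values as hidden fields.
function issue_form_token(int $now): array {
    return ['issued' => (string)$now,
            'sig'    => hash_hmac('sha256', (string)$now, FORM_SECRET)];
}

function score_submission(array $post, string $expectedColour, int $now): array {
    $issued = field($post, 'issued');
    $sig    = field($post, 'sig');
    // The timestamp is only trusted if its HMAC matches (constant-time compare).
    $sigOk  = hash_equals(hash_hmac('sha256', $issued, FORM_SECRET), $sig);
    $checks = [
        // Logic test: answer to "what colour is the box?"
        'logic' => strcasecmp(trim(field($post, 'colour')), $expectedColour) === 0,
        // Dummy field: hidden via CSS, so a person leaves it empty.
        'dummy' => field($post, 'email2') === '',
        // Response timer: authentic timestamp that is old enough.
        'timer' => $sigOk && ($now - (int)$issued) >= MIN_SECONDS,
        // JavaScript extra: script on the page copies part of sig into js_token.
        'js'    => $sigOk && field($post, 'js_token') === substr($sig, 0, 8),
    ];
    $points = count(array_filter($checks));
    return ['points' => $points, 'human' => $points >= 3, 'checks' => $checks];
}

// Constructed sample submissions.
$t     = issue_form_token(1000);
$human = ['colour' => 'Red', 'email2' => '', 'issued' => $t['issued'],
          'sig' => $t['sig'], 'js_token' => substr($t['sig'], 0, 8)];
$bot   = ['colour' => '', 'email2' => 'spam@example.com',
          'issued' => $t['issued'], 'sig' => $t['sig']];
var_dump(score_submission($human, 'red', 1012)); // submitted 12 s after render
var_dump(score_submission($bot, 'red', 1000));   // submitted instantly
```

Because a browser's autofill can trip the dummy field, scoring it as one point out of four rather than as an outright rejection keeps such users on the human side.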
Posted March 25th, 2009 / 2 Comments
Privacy on your website will be paramount to your success. In the world of application development, security can sometimes be overlooked (normally because accessibility is considered more important). Luckily, modern theories in coding mean we can now be accessible and secure.
Hashing is a really simple technique to hide data using a one-way function. It’s especially necessary when dealing with users’ passwords (in a recent study, 60% of respondents use similar passwords). Here is an example of how to hash using the MD5 function:
<?php
$password = md5('password');
// $password now holds 5f4dcc3b5aa765d61d8327deb882cf99
?>
However, we can improve on this code. Many hackers now use rainbow tables to reverse the one-way hash (and thus find out the secret data). Luckily, programmers have come up with a technique to combat this: adding a pinch of salt to a hash. In programming terms, a salt is essentially an extra piece of information we add to what the user input, to make it unusual. Here is an example of how to code this:
<?php
$salt = '%$£Salt_Here*(&^';
$password = md5('password'.$salt);
// $password now holds 5747563a265df7a3250884394c0a05e0
?>
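The snippet above uses one salt for every user and a single fast MD5 pass, so identical passwords still produce identical digests and guessing stays cheap. As an added example (not code from this post), here is the same salted-MD5 scheme next to PHP's built-in `password_hash()`, which generates a random salt per password, with legacy digests upgraded at login; the function names and the sample row are hypothetical.

```php
<?php
// Added example; function names and the in-memory row are hypothetical.
const LEGACY_SALT = '%$£Salt_Here*(&^'; // the single site-wide salt from the post

// Legacy scheme from the post: one fast MD5 pass with a shared salt.
function legacy_hash(string $password): string {
    return md5($password . LEGACY_SALT);
}

// Check a login against either stored format.
// Returns the hash to store from now on, or null if the password is wrong.
function verify_and_upgrade(string $password, string $stored): ?string {
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    if ($isLegacy) {
        // Constant-time comparison of the old MD5 digest.
        if (!hash_equals($stored, legacy_hash($password))) {
            return null;
        }
        // Correct password: replace the digest with a slow, per-password salted hash.
        return password_hash($password, PASSWORD_DEFAULT);
    }
    if (!password_verify($password, $stored)) {
        return null;
    }
    // Re-hash when PHP's default algorithm or cost has changed since storage.
    return password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : $stored;
}

// Constructed sample: a row that still holds the legacy digest.
$row = ['hash' => legacy_hash('password')];
$new = verify_and_upgrade('password', $row['hash']);
var_dump($new !== null && password_verify('password', $new)); // upgraded hash verifies
var_dump(verify_and_upgrade('wrong', $row['hash']));          // wrong password

// Two users with the same password no longer share a stored value.
$a = password_hash('password', PASSWORD_DEFAULT);
$b = password_hash('password', PASSWORD_DEFAULT);
var_dump($a !== $b);
```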
Related Posts
PHP Security Consortium: Password Hashing
Essential PHP Security
Posted March 17th, 2009 / 2 Comments
Browser Statistics

IE6 is dying slowly; maybe it’s time we drop support for it.

Biggest Rise: Other (2.29%)
Biggest Fall: Safari (-2.45%) Possibly due to new version of Safari, or that a hacker said Apple Safari is ‘easy pickings’.
OS Statistics

WinXP is still very dominant. Maybe Windows 7 will be its downfall.
Biggest Rise: Mac (0.9%)
Biggest Fall: WinXP (-0.51%)
Internet Penetration

Latin America/Caribbean internet penetration has grown by 4.5%
Internet Usage

Asians seem to have high internet usage, and it is expected to grow even more!
Related Links
W3C Browser Information
Global Market Share Statistics
Internet Traffic Report
The ISC Domain Survey
*This data is an average from approximately 25 different sources (some listed above). Feel free to use the graphs and pie charts; however, a link back would be appreciated.
Posted March 10th, 2009 / 2 Comments
Believe it or not, TinyURL has an API which allows you to instantly create TinyURLs of links. Luckily, it’s also free to use and currently does not require registration.
All you need to do is send a request to:
http://tinyurl.com/api-create.php?url=URL_HERE
The code
<?php
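// URL-encode the target so that any query string in it is not parsed as part of the API request.
$longUrl = 'http://www.example.com/';
echo file_get_contents('http://tinyurl.com/api-create.php?url=' . urlencode($longUrl));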
/* For example
http://tinyurl.com/api-create.php?url=http://www.fullondesign.co.uk/
Would return:
http://tinyurl.com/d4px9f
*/
?>
Posted March 6th, 2009 / 4 Comments