Even better than symbolic links would be to write a program that served up the image. Having the same image name return a different image is likely just as good as (if not better than) random names.

BTW, here is an example of an RPG-CGI program that generates an image (its a web counter): http://www.as400network.com/resources/clubtech/tnt400/bo400ng/as400webctr.htm

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Guillermo Andrades, CPI Software
Sent: Wednesday, September 03, 2008 7:02 AM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] CAPTCHA image validation in web form

Joe,

<<new symbolic link in the IFS to the image for each request, and then
send that symbolic link name. >>

yes, a good idea, maybe added to the routine in each two months adding and
removing some images, not too complex at all.
also is important don't allow more than one select error (even none) in each
transaction.

Guillermo.


On Wed, Sep 3, 2008 at 6:54 AM, Joe Pluta <joepluta@xxxxxxxxxxxxxxxxx>wrote:

Nathan Andelin wrote:
But there's a 1/7 chance that a bot could pick the right image the first
time, and over a large enough number of iterations a smart bot could
learn which radio button descriptions were paired with which image
files. Over a large enough number of iterations a bot could esentially
download & duplicate your entire image library and cross-reference
table.

In this case, you would never use a static name for the image. There
are a number of ways to handle it, but one simple way would be to create
a new symbolic link in the IFS to the image for each request, and then
send that symbolic link name. You'd run a regular job to clear out old
links.

Joe

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.