You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rivet-dev@tcl.apache.org by Massimo Manghi <ma...@unipr.it> on 2015/10/10 18:42:31 UTC
[OT] response challenge method
again an off-topic question, but I guess many of you have an answer and
I tend to trust you, fellow riveters.
I will do a small web site for scientific conference and I must accept
subscription form data without authentication, so I thought that having
something like Captcha could be useful for this case.
Do you have former experience on this, do you have recommendation for an
open source, easy to deploy solution?
thanks
-- Massimo
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org
Re: [OT] response challenge method
Posted by Harald Oehlmann <ha...@elmicron.de>.
That is big fun !
Thanks, great !
Sometimes, it is so simple ;-)
Enjoy,
Harald
Am 22.10.2015 um 09:57 schrieb Massimo Manghi:
> I had from Richard Hipp (Sqlite and Fossil) full permission to reproduce
> the ASCII glyphs Fossil uses to provide basic (but effective in most
> cases) protection of the login form.
>
> The HexGlyph package in trunk will thus be copied also in branches/2.2
> to release it with 2.2.4.
>
> -- Massimo
>
> On 10/13/2015 09:37 AM, Massimo Manghi wrote:
>>
>> We may borrow this idea from fossil and reimplement it for Rivet.
>> Something like a configurable Itcl/TclOO class with a central output
>> that returns an HTML fragment with the text to be returned. It shouldn't
>> be difficult, just a bit cumbersome because the characters are probably
>> to be typeset with a text editor....or maybe fossil's code for that
>> functionality has a license that allows us to borrow from it (adding the
>> due acknowledgments in our code)
>>
>> -- Massimo
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
> For additional commands, e-mail: rivet-dev-help@tcl.apache.org
>
--
ELMICRON Dr. Harald Oehlmann GmbH
Koesener Str. 85
06618 Naumburg
Germany
Phone: +49 (0)3445 78112-0
Fax: +49 (0)3445 78112-19
www.Elmicron.de
German legal references:
Geschaeftsfuehrer: Dr. Harald Oehlmann, Jens Oehlmann
UST Nr. / VAT ID No.: DE206105272
HRB 212803 Stendal
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org
Re: [OT] response challenge method
Posted by Massimo Manghi <mx...@apache.org>.
I had from Richard Hipp (Sqlite and Fossil) full permission to reproduce
the ASCII glyphs Fossil uses to provide basic (but effective in most
cases) protection of the login form.
The HexGlyph package in trunk will thus be copied also in branches/2.2
to release it with 2.2.4.
-- Massimo
On 10/13/2015 09:37 AM, Massimo Manghi wrote:
>
> We may borrow this idea from fossil and reimplement it for Rivet.
> Something like a configurable Itcl/TclOO class with a central output
> that returns an HTML fragment with the text to be returned. It shouldn't
> be difficult, just a bit cumbersome because the characters are probably
> to be typeset with a text editor....or maybe fossil's code for that
> functionality has a license that allows us to borrow from it (adding the
> due acknowledgments in our code)
>
> -- Massimo
>
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org
Re: [OT] response challenge method
Posted by Massimo Manghi <ma...@unipr.it>.
We may borrow this idea from fossil and reimplement it for Rivet.
Something like a configurable Itcl/TclOO class with a central output
that returns an HTML fragment with the text to be returned. It shouldn't
be difficult, just a bit cumbersome because the characters are probably
to be typeset with a text editor....or maybe fossil's code for that
functionality has a license that allows us to borrow from it (adding the
due acknowledgments in our code)
-- Massimo
On 10/12/2015 05:54 PM, alexkarta wrote:
> Hello, Massimo
>
> Unfortunately, I don't know about possibility of Fossil component
> integration. But idea looks very nice, I mean simple
> registration without email conformation based on text captcha, then you
> need to just trace cookies.
> So, may be it will be not so hard to you to write something like this
> using tcl/rivet
>
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org
Re: [OT] response challenge method
Posted by alexkarta <al...@yahoo.com.INVALID>.
Hello, Massimo
Unfortunately, I don't know about possibility of Fossil component
integration. But idea looks very nice, I mean simple
registration without email conformation based on text captcha, then you
need to just trace cookies.
So, may be it will be not so hard to you to write something like this
using tcl/rivet
On 10/12/2015 12:10 PM, Massimo Manghi wrote:
> Thank you Alexey
>
> I didn't consider fossil because I had the idea (perhaps the
> misconception) that it was rather monolithic. Is it possible to adopt
> a single component and integrate it into your own web site? As to your
> final remark about 'invited persons': no, I can't presume only certain
> persons will apply for participating to the conference. I need to
> leave the subscription open, I just need to prevent a robot from
> exploiting the form to post unrelated data. Since a confirmation email
> will certainly be sent to both the subscriber and the organization,
> such form could be easily exploited to send mail around from an IP
> belonging to a trusted network.
>
> -- Massimo
>
>
> On 10/10/2015 07:25 PM, alexkarta wrote:
>> On 10/10/2015 07:42 PM, Massimo Manghi wrote:
>>> again an off-topic question, but I guess many of you have an answer
>>> and I tend to trust you, fellow riveters.
>>>
>>> I will do a small web site for scientific conference and I must accept
>>> subscription form data without authentication, so I thought that
>>> having something like Captcha could be useful for this case.
>>>
>>> Do you have former experience on this, do you have recommendation for
>>> an open source, easy to deploy solution?
>>>
>>> thanks
>>>
>>> -- Massimo
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
>>> For additional commands, e-mail: rivet-dev-help@tcl.apache.org
>>>
>> Hello, Massimo
>>
>> I like fossil like anonymous authorization like this
>> https://www.fossil-scm.org/fossil/login
>>
>> In addition, once I upload a paper for publishing using unique url
>> contains uid. I got that url by email, the https has been used, so it
>> wasn't so dangerous if user do not share his ulr. This is very easy for
>> user system, and quite safe if you use https, but it works mainly for
>> invited persons with known mail.
>>
>>
>> -- Alexey (alexkarta.com)
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
>> For additional commands, e-mail: rivet-dev-help@tcl.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
> For additional commands, e-mail: rivet-dev-help@tcl.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org
Re: [OT] response challenge method
Posted by Massimo Manghi <ma...@unipr.it>.
Thank you Alexey
I didn't consider fossil because I had the idea (perhaps the
misconception) that it was rather monolithic. Is it possible to adopt a
single component and integrate it into your own web site? As to your
final remark about 'invited persons': no, I can't presume only certain
persons will apply for participating to the conference. I need to leave
the subscription open, I just need to prevent a robot from exploiting
the form to post unrelated data. Since a confirmation email will
certainly be sent to both the subscriber and the organization, such form
could be easily exploited to send mail around from an IP belonging to a
trusted network.
-- Massimo
On 10/10/2015 07:25 PM, alexkarta wrote:
> On 10/10/2015 07:42 PM, Massimo Manghi wrote:
>> again an off-topic question, but I guess many of you have an answer
>> and I tend to trust you, fellow riveters.
>>
>> I will do a small web site for scientific conference and I must accept
>> subscription form data without authentication, so I thought that
>> having something like Captcha could be useful for this case.
>>
>> Do you have former experience on this, do you have recommendation for
>> an open source, easy to deploy solution?
>>
>> thanks
>>
>> -- Massimo
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
>> For additional commands, e-mail: rivet-dev-help@tcl.apache.org
>>
> Hello, Massimo
>
> I like fossil like anonymous authorization like this
> https://www.fossil-scm.org/fossil/login
>
> In addition, once I upload a paper for publishing using unique url
> contains uid. I got that url by email, the https has been used, so it
> wasn't so dangerous if user do not share his ulr. This is very easy for
> user system, and quite safe if you use https, but it works mainly for
> invited persons with known mail.
>
>
> -- Alexey (alexkarta.com)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
> For additional commands, e-mail: rivet-dev-help@tcl.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org
Re: [OT] response challenge method
Posted by alexkarta <al...@yahoo.com.INVALID>.
On 10/10/2015 07:42 PM, Massimo Manghi wrote:
> again an off-topic question, but I guess many of you have an answer
> and I tend to trust you, fellow riveters.
>
> I will do a small web site for scientific conference and I must accept
> subscription form data without authentication, so I thought that
> having something like Captcha could be useful for this case.
>
> Do you have former experience on this, do you have recommendation for
> an open source, easy to deploy solution?
>
> thanks
>
> -- Massimo
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
> For additional commands, e-mail: rivet-dev-help@tcl.apache.org
>
Hello, Massimo
I like fossil like anonymous authorization like this
https://www.fossil-scm.org/fossil/login
In addition, once I upload a paper for publishing using unique url
contains uid. I got that url by email, the https has been used, so it
wasn't so dangerous if user do not share his ulr. This is very easy for
user system, and quite safe if you use https, but it works mainly for
invited persons with known mail.
-- Alexey (alexkarta.com)
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org