You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Mark Lundquist <ml...@comcast.net> on 2006/11/09 23:13:22 UTC
Thoughts about captcha stuff
Hi,
I added captcha validation to one of my projects this morning, using
the CForms <captcha> widget and the CaptchaReader from the Cocoon
captcha block. It was pretty much a snap :-).
I have some feedback, let's talk about it and I'll file JIRA issues for
anything still left standing when we're done :-)
1) Control over display of the captcha image
The CForms <captcha> widget treats the captcha image as part of the
image; the widget takes care of generating the <img> element. I think
I would like to be able to do this myself. I should be able to control
the positioning of the captcha image within the page layout, give it a
CSS id or class (maybe I want a CSS rule to control border properties ,
etc.) and so on. Maybe I don't want it to always be just right between
the widget label and the input field :-)
2) Control of URI of the captcha image
The <captcha> widget generates an <img> element w/ a page-relative URI
in the src attribute, like "captcha-38459.jpg". I think it should be a
little more flexible; as it is, I have to play games in the sitemap
with precedence of matchers to make sure the right pipeline gets
invoked.
3) Configurability of character set
Certain groups of characters can be very hard to disambiguate in the
presence of captcha-esque distortions :-), e.g. "O/o/0", "1/l",
"S/s/5", "X/x", "C/c", "i/j", etc. This can be font-dependent as well,
to a degree. So, it would be nice to be able to configure the
character set used to generate captcha strings.
4) Architecture / ability to integrate different image generators
It seems there are 3 components to a captcha system: a random string
generator, an image generator, and a checker. The image generator and
checker both are consumers for the string produced by the string
generator, and it appears that various captcha systems have different
ways of packaging these components. In Cocoon, the string generator is
integrated with the checker. As far as the image generator goes, you
can use anything, as long as you have some way of getting the text from
our session key into the image generator.
SimpleCaptcha [1] looks like a nice captcha image generator, and I'd
like to try integrating it with a CForms application. But
SimpleCaptcha assumes a different architecture, in which the string
generator and the image generator are packaged together, and it's the
checker's job to obtain the check string from this component. To allow
the use of CForms captcha validation with any image generator, it
should be configurable whether it's to function as the string producer
(i.e., use native string generator) or consumer (i.e., use
method/source/whatever provided to obtain the check string from
elsewhere) of the check string. I can think of a couple of ways this
could go together... any ideas?
5) Use CaptchaReader instead of SVG captcha generation in CForms
captcha sample
The image generator from the captcha block makes better captchas IMHO
than the SVG-based example in the CForms samples; and, if we want a
sample that's closer to what most users are likely to do, why drag in
the rather heavyweight dependency tree of SVG for this? So I would
suggest switching the CForms captcha sample to use the CaptchaReader
instead.
WDYAT?
cheers,
—ml—
[1] http://simplecaptcha.sourceforge.net/
Re: Thoughts about captcha stuff
Posted by Mark Lundquist <ml...@wrinkledog.com>.
ugh... brain not fully warmed up...
On Nov 9, 2006, at 2:13 PM, Mark Lundquist wrote:
> [...] The CForms <captcha> widget treats the captcha image as part of
> the image;
I meant to say, "as part of the widget".
> [...] if we want a sample that's closer to what most users are likely
> to do, why drag in the rather heavyweight dependency tree of SVG for
> this?
I meant to say, "of Batik for this".
—ml—