Posted to users@cocoon.apache.org by Andrew Madu <an...@gmail.com> on 2006/07/07 01:13:01 UTC

Defending web applications against dictionary attacks

Hi,
Just wanted to know what you guys' thoughts are on this issue and how, if at
all, you handle it with your own sites?

regards

Andrew

Re: Defending web applications against dictionary attacks

Posted by Andrew Madu <an...@gmail.com>.
Hi Jeroen,


On 07/07/06, Jeroen Reijn <j....@hippo.nl> wrote:
>
> Hi Andrew,
>
> > What am I missing here? It seems that #{$cocoon/parameters/value} is not
> > working?!?
>
> the code I copied into the previous email was just an example. Did you
> check out the cocoon samples?
> Are you getting errors in your logs?

Yes, I checked the cocoon samples and am not getting any errors.

> Could you check a couple of things:
> - What cocoon version are you using?

Version 2.1.8

> - Is the svg2jpeg serializer defined in your application?

Yes. I am already using SVGs within my project.

> - Is the Batik block included in your application lib directory?

Yes,  Root\WEB-INF\lib\batik-all-1.6.jar

HTH

regards

Andrew

Re: Defending web applications against dictionary attacks

Posted by Jeroen Reijn <j....@hippo.nl>.
Hi Andrew,

> 
> What am I missing here? It seems that #{$cocoon/parameters/value} is not 
> working?!?

The code I copied into the previous email was just an example. Did you check out the Cocoon samples?
Are you getting errors in your logs?

Could you check a couple of things:
- What cocoon version are you using?
- Is the svg2jpeg serializer defined in your application?
- Is the Batik block included in your application lib directory?

Regards,

Reijn


-- 
Met vriendelijke groet,
Kind regards,

Jeroen Reijn

Hippo

Oosteinde 11
1017WT Amsterdam
The Netherlands
Tel  +31 (0)20 5224466


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Re: Defending web applications against dictionary attacks

Posted by Andrew Madu <an...@gmail.com>.
Hi Jeroen,
Right, I am now generating an image, but the image is just white; there is no
text to be read. What I have done is as follows:

sitemap:

            <map:match pattern="captcha.svg">
              <map:generate type="jx" src="jx/svg_captcha.jx">
                <map:parameter name="value" value="{session-attr:captcha}"/>
              </map:generate>
              <map:serialize type="svg2jpeg"/>
            </map:match>

svg_capture.jx:

<svg width="50" height="50">
    <defs>
        <filter id="blur2">
            <feGaussianBlur stdDeviation="2"/>
        </filter>
    </defs>
    <g id="imagegroup">
        <text style="fill:#0086B3;font-size:42;font-family:Courier;filter:url(#blur2);"
              x="0" y="48">#{$cocoon/parameters/value}</text>
    </g>
</svg>

jx template:

<img src="captcha.svg" width="50" height="50"/>

What am I missing here? It seems that #{$cocoon/parameters/value} is not
working?!?

regards

Andrew


Re: Defending web applications against dictionary attacks

Posted by Jeroen Reijn <j....@hippo.nl>.
Hi Andrew,

Andrew Madu wrote:
> 
> 1. In my xml validations definitions file:
> 
>         <fd:captcha id="f1" required="true">
>           <fd:label>Copy the number shown into the input field</fd:label>
>           <fd:datatype base="string"/>
>           <fd:validation>
>             <fd:captcha/>
>           </fd:validation>
>         </fd:captcha>

According to the samples in cocoon 2.1.9 this is correct.

> 2. In my jxt file:
> 
>         <ft:widget id="f1">
>             <fi:styling listbox-size="30" class="keyinbox"/>
>          </ft:widget>

Yep seems fine.

> 
> When I submit the form the validation works, 
> validation.captcha.mismatch, the only problem being that I don't know 
> how to display the generated captcha image that needs to be entered!!! 
> Do you or anyone else know how to do this?

Yes you can find this in the samples when you build cocoon 2.1.9.

> 
> Secondly is it possible to set properties of the captchareader in the 
> sitemap so as to control the height, width, background color, font type 
> etc etc etc of the captcha image and if so how can I do that?

Yes it is. If you use an SVG for the captcha image you can modify all these properties.

You will have to have something like this in your sitemap:

     <!--
        | Generate the CAPTCHA image. Any type of generator can be used here,
        | as long as it reads the string to display from the session
        | attribute named "captcha-{1}".
        | Using an SVG file as input requires that the Batik block be
        | included in the build.
        -->
     <map:match pattern="captcha-*.jpg">
       <map:generate type="jx" src="captcha-image.xml">
         <map:parameter name="value" value="{session-attr:captcha-{1}}"/>
       </map:generate>
       <map:serialize type="svg2jpeg"/>
     </map:match>

With the following captcha-image.xml

<svg width="210" height="75">
     <defs>
         <filter id="blur2">
             <feGaussianBlur stdDeviation="2"/>
         </filter>
     </defs>
     <g id="imagegroup">
         <text style="fill:#0086B3;font-size:42;font-family:Courier;filter:url(#blur2);"
               x="0" y="48">#{$cocoon/parameters/value}</text>
     </g>
</svg>

I hope this helps you out a bit more. It's best if you take a look at the samples in Cocoon. It will give you a nice
code overview of how to enable captcha for your website.

Regards,

Reijn



-- 
Met vriendelijke groet,
Kind regards,

Jeroen Reijn

Hippo

Oosteinde 11
1017WT Amsterdam
The Netherlands
Tel  +31 (0)20 5224466
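
The lookup chain described in the sitemap comment above (request path, wildcard `{1}`, session attribute `captcha-{1}`), modelled in Python as an added example; it is not Cocoon code and not from the original posts. The function names, the empty-string result for a missing attribute, and single-use validation are assumptions of the example.

```python
import hmac
import re
import secrets
from xml.sax.saxutils import escape

PREFIX = "captcha-"  # attribute naming from the sitemap comment in the thread

def issue_captcha(session, widget_id, digits=6):
    """Form side: generate the text and keep it only in the server-side session."""
    text = "".join(secrets.choice("0123456789") for _ in range(digits))
    session[PREFIX + widget_id] = text
    return text

def resolve(value, session, groups):
    """Expand {1}, {2}, ... from the URL match, then {session-attr:NAME}.
    Assumption: a missing session attribute expands to an empty string."""
    for n, group in enumerate(groups, start=1):
        value = value.replace("{%d}" % n, group)
    return re.sub(r"\{session-attr:([^{}]+)\}",
                  lambda m: session.get(m.group(1), ""), value)

def image_source(path, session, pattern, value):
    """Image side: match the request path and build the SVG handed to the serializer."""
    # '*' becomes one capture group; braces are excluded so that a request
    # path cannot smuggle in a second {session-attr:...} lookup.
    regex = "^" + re.escape(pattern).replace(r"\*", "([^/{}]*)") + "$"
    match = re.match(regex, path)
    if match is None:
        return None  # this pipeline does not serve the path
    text = escape(resolve(value, session, match.groups()))
    return ('<svg xmlns="http://www.w3.org/2000/svg" width="210" height="75">'
            '<text x="0" y="48">%s</text></svg>' % text)

def check_answer(session, widget_id, answer):
    """Validation side: compare on the server and discard the text after one try
    (single use is a choice of this example, not a claim about Cocoon)."""
    expected = session.pop(PREFIX + widget_id, None)
    return expected is not None and hmac.compare_digest(
        expected.encode("utf-8"), answer.encode("utf-8"))

if __name__ == "__main__":
    session = {}  # constructed stand-in for one user's HTTP session
    issue_captcha(session, "f1")
    # Key derived from the URL matches the key the form wrote: text is drawn.
    print(image_source("captcha-f1.jpg", session, "captcha-*.jpg",
                       "{session-attr:captcha-{1}}"))
    # Fixed key "captcha" was never written: the <text> element is empty.
    print(image_source("captcha.svg", session, "captcha.svg",
                       "{session-attr:captcha}"))
```

The second call shows the failure mode to check for first when the image renders without text: the image pipeline and the form widget must agree on the session attribute name.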




Re: Defending web applications against dictionary attacks

Posted by Andrew Madu <an...@gmail.com>.
Antonio,
many thanks for the information. Unfortunately the documentation links for
the captcha block and captchareader do not work!! So I am working in the
dark here!! What I have so far is:

1. In my xml validations definitions file:

        <fd:captcha id="f1" required="true">
          <fd:label>Copy the number shown into the input field</fd:label>
          <fd:datatype base="string"/>
          <fd:validation>
            <fd:captcha/>
          </fd:validation>
        </fd:captcha>

2. In my jxt file:

        <ft:widget id="f1">
            <fi:styling listbox-size="30" class="keyinbox"/>
         </ft:widget>

When I submit the form the validation works, validation.captcha.mismatch,
the only problem being that I don't know how to display the generated
captcha image that needs to be entered!!! Do you or anyone else know how to
do this?

Secondly is it possible to set properties of the captchareader in the
sitemap so as to control the height, width, background color, font type etc
etc etc of the captcha image and if so how can I do that?

regards

Andrew


Re: Defending web applications against dictionary attacks

Posted by Antonio Gallardo <ag...@agssa.net>.
Andrew Madu wrote:
> Hi,
> just wanted to know what you guys' thoughts are on this issue and how,
> if at all, you handle it with your own sites?
CAPTCHA [1] might help. BTW, there is built-in support in cocoon. See 
samples here: [2] [3].

Best Regards,

Antonio Gallardo.
>
> regards
>
> Andrew

[1] http://en.wikipedia.org/wiki/Captcha
[2] http://cocoon.zones.apache.org/demos/21branch/samples/blocks/captcha/welcome
[3] http://cocoon.zones.apache.org/demos/21branch/samples/blocks/forms/captcha/
