mike's web log/comments

 
1. Original Entry + Comments2. Write a Comment3. Preview Comment
New comments for this entry are disabled.


October 01, 2004  |  Control to prevent spam submissions  |  3378 hit(s)

Jeff Atwood has made available a custom ASP.NET server contol (source included) that implements CAPTCHA anti-bot protection to Web pages. A canonical use would be to add the control to your blog comment submission page; users have to type in a sequence of characters generated by the control in order for the post to be submitted. Like this:



(That's an image of the control, not the control itself.)

As he promises in his post, it's easy to use -- add as a custom control to your site/project, add an element to your Web.config, and go. The control does all the work of generating the image and checking it on postback. As with validators, all you have to do is test the control's UserValidated property to determine whether the user got it right.

My only issue with CAPTCHA generally is that the algorithm used to distort the secret text sometimes warps it so much that it can be hard to make out the characters. However, that's an issue with the way the image generation works (and I've seen this in other examples of the same technique), not any criticism of the control itself.





Colt   01 Oct 04 - 10:10 AM

I like the concept of CAPTCHA, as I'm kind of sick due to the email and comment spam... I agree with you that the image sometimes distort and hard to read it, especially for few web pages include "case sensitive" characters. IMO, the idea of using CAPTCHA is very good and prevent a form to be submitted by a robot, so an image and character(s) in normal style should be OK. Otherwise, the robot must be smart enough and scan/parse the "image".

 
Mike   01 Oct 04 - 10:48 AM

>Otherwise, the robot must be smart enough and scan/parse the "image".

Jeff notes that he's tested the control's rendering against OCR software; I assume that the text warping is used to defeat software that could theoretically scan images and extract text. (?)

 
Jeff Atwood   03 Oct 04 - 1:09 AM

My only issue with CAPTCHA generally is that the algorithm used to distort the secret text sometimes warps it so much that it can be hard to make out the characters
Download the latest version; you can set # of characters and warping factor among other improvements.

As you correctly note, it's a tradeoff between human readability and machine readability.

 



 

mike pope  | about this blogdisclaimer |   | Creative Commons License