[Phpwm] Securing feedback forms

Jonathan Adjei jadjei at ntlworld.com
Wed Nov 1 14:44:07 GMT 2006


Hi,
	Good thinking on making sure one check covers all forms. That's a
good pain reducer. I'm using 4 characters in mine  as well, and instead of
distorting the text, I've just misaligned them.

This is a very low traffic site, and so in a perhaps misguided attempt to
maintain accessibility I've also got a mailto link on the contact page that
is obfuscated using javascript. Does anyone have experience of whether this
actually works or not. I'm dubious as surely if a screenreader can cope with
this(?), a bot can too?

jon

-----Original Message-----
From: phpwm-bounces at mailman.lug.org.uk
[mailto:phpwm-bounces at mailman.lug.org.uk] On Behalf Of Ricky Hayes
Sent: 01 November 2006 13:42
To: 'West Midlands PHP User Group'
Subject: RE: [Phpwm] Securing feedback forms


Hi.

I've used them on a few sites, and found them not-too-bad.

I simply have one image-check per session. If it's been entered correctly by
the human, then I don't show the image checks on any other forms.

I've found the best place for them is during login (if appropriate). They
can't login unless they're human!

But if you've got multiple parts when you'd like an image-check, just do the
one, and don't show the others if they've completed one once.

I also keep mine simple, no more than 4 letters/numbers. I don't bother with
non-alphanumeric characters, and I make them case-insensitive.

Personally I'm not a fan of distorting the text, but a nice background
pattern is enough to fox most bots I would have thought.

Let me know if I'm wrong!

Regards,

Ricky.




More information about the Phpwm mailing list