Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 2 of 2 FirstFirst 12
Results 16 to 20 of 20
  1. #16
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,108
    Thanks
    11
    Thanked 101 Times in 99 Posts
    Quote Originally Posted by paddyfields View Post
    The most apparent flaws I can see are that it can only run on flash or HTML5, so if a user doesn't have flash installed or are using an older browser that doesn't support HTML5, then it won't work. I've decided not to use it as I don't like the idea of forcing a user to upgrade their browser or install a flash plug just because they want to enter a form on my site.
    I see that point...
    ... but even if it were say HTML5 in a HTML5 compliant era I seriously don't want to have to play a game or something simply to submit a form, I will go somewhere else unless the site really is giving away a free ipad cos I am the lucky 43'000th visitor (so I can sell it and get a Samsung tablet instead)
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  2. #17
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,642
    Thanks
    0
    Thanked 649 Times in 639 Posts
    Quote Originally Posted by paddyfields View Post
    That's true, however is does help to stop a bot flooding your database though and possibly crashing the site. For example on a sign up form if the limit was set to 20 seconds for example, there couldn't be more than 5 a minute, so 300 a hour. It would be a lot more manageable that 20000 a second being entered into the database.

    I might just use it as an additional measure... hmmm.
    One place where I have implemented it where it doesn't even need any extra fields in the form to work is with a login form. Any attempt to login within 15 seconds of a rejected login attempt for the same user will be rejected. Any attempt to break into someone's account either has to guess the password correctly on the first try or build a delay of over fifteen seconds between attempts. The password invalid message asks members to wait a minute or so before trying again.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  3. #18
    Senior Coder alykins's Avatar
    Join Date
    Apr 2011
    Posts
    1,901
    Thanks
    46
    Thanked 202 Times in 201 Posts
    Quote Originally Posted by iBall View Post
    paddyfields is this threads original poster, not you.

    And I posted the link in the hope it might help answer his original question.
    Well aware- hence
    Quote Originally Posted by alykins
    I was going to post this in a new thread

    this thread references this site- I thought it was really cool. I didn't want to steal that thread, but I would like to know what you client side scripting guru's think of that-
    but then I felt responses would be relevant to what paddyfields was/is asking- So I am posting it here (and asking in addition to OP's Q).
    and...

    Quote Originally Posted by alykins
    I don't know which is the lesser of two evils- thread jacking or spawning a new thread that will be spawn another argument... could someone answer Q I posed? I am just curious as to whether the game alternative is effective or not and how it pits against standard captchas (not human vs bot vs terminators)... that website offers splendid info on how "good" it is- but I cannot find any info on it's flaws (there have to be flaws)
    wasn't attacking you there Ace- no need to act all "super star" about it.

    @firepages- Thanks for your reply- I agree in that I feel half-half about it... it looks cool (I think), and I like it- but I feel it would tank a professional site :|


    Worth noting is that it comes from this link- again not a huge client side scripter, so pardon if it is a stupid Q, but isn't that just regular js? (ie I know it would be hard as h* but couldn't it be programmed to be 'won' by a bot?)

    and before you troll me iBall, my reply/new question (moreover elaboration of my original question- or at least the point of it) has direct relevance in clarification of the OP's original Q
    Quote Originally Posted by paddyfields
    It only runs with either Flash or HTML 5 which immediately makes me think it's not a good idea?
    and is also on par with the OP's entire theme
    Eg. If you are looking for something that is less breakable programmatically, then knowing whether or not this "new method" is as easily, or conceivably cracked is an answer he/she most likely would like to know (ie why waste time or investigate method if it gains you nothing).

    I code C hash-tag .Net
    Reference: W3C W3CWiki .Net Lib
    Validate: html CSS
    Debug: Chrome FireFox IE

  4. #19
    Regular Coder
    Join Date
    Dec 2010
    Location
    London
    Posts
    339
    Thanks
    63
    Thanked 11 Times in 11 Posts
    One place where I have implemented it where it doesn't even need any extra fields in the form to work is with a login form. Any attempt to login within 15 seconds of a rejected login attempt for the same user will be rejected. Any attempt to break into someone's account either has to guess the password correctly on the first try or build a delay of over fifteen seconds between attempts. The password invalid message asks members to wait a minute or so before trying again.
    That's a nice approach but I think it might annoy the user if you just happen to type your password incorrectly the first time. Maybe using your method but have a session storing the 'attempts' made to login, and after 3 unsuccessful attempt then incorporate a 30 second delay? Thanks for the idea I'm definitely going to implement it.
    Last edited by paddyfields; 06-22-2012 at 11:51 AM.

  5. #20
    Regular Coder
    Join Date
    Dec 2010
    Location
    London
    Posts
    339
    Thanks
    63
    Thanked 11 Times in 11 Posts
    @firepages- Thanks for your reply- I agree in that I feel half-half about it... it looks cool (I think), and I like it- but I feel it would tank a professional site :|
    Yeah I agree with that, unless it's customisable then I don't think it will look all that great on a professional site. It's a nice novel approach though.


 
Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •