Page 1 of 4 123 ... LastLast
Results 1 to 10 of 31

Thread: Ext Form Captcha

  1. #1

    Default Ext Form Captcha

    Hey guys. I just had a great idea while doing a form on my public site and I want to know what the UX community though of it.

    Have a form field that would build out put a generated image from a specified url that you provide and then allow an input dialog so that they could input what the image says.

    Let me know. I might just have to work on this.
    Jon
    Lead Internal Application Engineer - SugarCRM
    h2ik.co

  2. #2
    Sencha User JeffHowden's Avatar
    Join Date
    Mar 2007
    Location
    Forest Grove, OR
    Posts
    1,038

    Default

    You mean something like this (only fully extized)?

    http://www.jeffhowden.com/code/coldfusion/captcha/

    Certainly any validator that's used must be a server-side one so as to not expose the CAPTCHA string.
    Jeff Howden
    Ext JS - Support Team Volunteer
    [email protected]

  3. #3
    Ext User amon's Avatar
    Join Date
    Apr 2007
    Location
    Budapest
    Posts
    109

    Default

    Jon:

    The captcha value never can be sent to the client side, because of the spammers could catch it. And if the spammers could catch the value, what is the good of it?
    Of course, I have my own captcha engine too. But it's PHP class for my own framework, and the ext form have only an image (like Jack's photo in the ext basic form example) with a spec. url.
    Because of the value never can be sent to client side, the captcha checking must be on server side too.
    If you like, I can publish my captcha engine. If you can use it.
    Here is an example: http://chat.theba.hu/.
    (The chat application is under development, if reach the stable state, I'll publish it under LGPLv3 of course, here, on this site too. )

  4. #4
    Sencha Premium Member steffenk's Avatar
    Join Date
    Jul 2007
    Location
    Haan, Germany
    Posts
    2,675

    Default

    Hi Amon,

    this is a nice integration.
    As CAPTCHA won't work as Client app i use it also with php only. So my question is, how you integrated it. I looked to the code and didn't found the integration of the captcha picture into the form.
    vg Steffen
    --------------------------------------
    Release Manager of TYPO3 4.5

  5. #5
    Ext User amon's Avatar
    Join Date
    Apr 2007
    Location
    Budapest
    Posts
    109

    Default

    steffenk:

    for example:
    Code:
    this.loginLayout.getEl().createChild({
    	tag: 'center',
    	cn: {
    		tag: 'img',
    		src: this.urls.system + 'code/'
    	}
    });
    Where this.url.system is the base url of the site.
    I said, this is like Jack's photo in the basic form example.

  6. #6
    Sencha Premium Member steffenk's Avatar
    Join Date
    Jul 2007
    Location
    Haan, Germany
    Posts
    2,675

    Default

    ok, i see thx amon.

    What is the state of your chat app? I need some chat for a project and i don't know atm which chat i should use for it.
    Thx for your creativity - the color picker is a nice extension too.
    vg Steffen
    --------------------------------------
    Release Manager of TYPO3 4.5

  7. #7

    Default

    Jeff this is true and i understand that but see the problem I'm having is there is no easy way to put captcha in an Ext form right now and I just want to provide a utility to do that. the captcha would still have to be validated by the server side when you submit what they typed in.
    Jon
    Lead Internal Application Engineer - SugarCRM
    h2ik.co

  8. #8
    Sencha User JeffHowden's Avatar
    Join Date
    Mar 2007
    Location
    Forest Grove, OR
    Posts
    1,038

    Default

    Agreed, Jon. Different implementations require different details. For example, Amon's doesn't appear to require any sort of "key" to be sent with the text to validate it, presumably because he's storing it in the session. However, in my implementation, I need the filename and the hash of the CAPTCHA text because I don't want to use a session simply to implement a CAPTCHA.

    So, whatever the Ext implementation, it needs to be configurable such that additional parameters can be sent to the server to assist with validation. I'd probably also recommend that everytime the text fails, the CAPTCHA text image is replaced with a new one (to thwart automated attacks).
    Jeff Howden
    Ext JS - Support Team Volunteer
    [email protected]

  9. #9
    Ext User DigitalSkyline's Avatar
    Join Date
    Apr 2007
    Location
    Rochester, MI
    Posts
    461

    Default

    While I understand that someone somewhere might be that motivated to write a program to defeat it... for the normal 99.999999% using ajax to get the codeword, and writing it to an ext field (posibly a triggerField?) would be good enough security for 99.99% of forms (or am I just an optimistic fool?)

    I think it'd be cool ux. The server still has to validate etc.

  10. #10
    Ext User amon's Avatar
    Join Date
    Apr 2007
    Location
    Budapest
    Posts
    109

    Default

    Quote Originally Posted by JeffHowden View Post
    Agreed, Jon. Different implementations require different details. For example, Amon's doesn't appear to require any sort of "key" to be sent with the text to validate it, presumably because he's storing it in the session.
    Of course, I store it in session, database or I calculate it based on time, server, client and browser data. But I never store something on client side, because of I never could be sure, that somebody do not build an application for catch this code or hash, or something with related with the captcha. Store on client side or send anything to the client (and vica versa) is not secure.

    And this is the point why I do not sure that good idea to build a javascript implementation of any captcha. On client side, it is not secure. If it is not secure, what is the good of it?

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •