 
From: Matthew.van.Eerdehbinc.com
Date: Mon Jan 07 2002 - 17:39:11 CST


    This is not visually-handicapped friendly, to say nothing of people without
    image-rendering user agents. It may be a better idea to use the old
    newsgroup spam-blocking trick:

    To activate your account, enter the following word without spaces:

    A C T I V A T E

    or something along those lines. Words or symbols can be used instead of
    spaces, and the word can be broken up into chunks instead of separated
    letter by letter.

    That said, there are third-party ASP objects that allow you to generate
    images on-the-fly. A google search for +"ASP" +"Dynamic Image" should turn
    up a few. I don't remember seeing one that could generate a picture from a
    word, though; that may take some coding. You'd end up using something like

    Type the following word:
    <img src="dynamicimage.asp?word=<% = Server.URLEncode(sWord) %>">

    where dynamicImage.asp returns an image equivalent of the word you want to
    encode.

    I must urge against doing this though as visually handicapped people won't
    be able to parse the image.

    -----Original Message-----
    From: Jeff Miller [mailto:JeffMconcur.com]
    Sent: Monday, January 07, 2002 11:20
    To: focus-mssecurityfocus.com
    Subject: Graphical Alpha-numeric String use to defeat automated-script
    attack on manual HTTP validation requests

    Good Morning,

    I have seen several websites with validation processes involving the
    entering of an alpha-numeric string presented by the HTTP server in picture
    format. This serves to severely cripple automated account generators for
    public-access accounts like web mail and the like. I am interested in this
    technology, and wish to find a package that does this. Does anyone know of
    such a package or website describing how to accomplish this task easily? Is
    there a method to integrate this functionality into IIS 5.0?

    > Jeffrey Miller
    > Security Specialist
    > Concur Technologies
    > 425 497 5926
    > jeffmconcur.com
    >
    >
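
Added example, not part of the original messages or of any ASP component they mention: with the `dynamicimage.asp?word=...` pattern in the reply, the word to be typed also sits as plain text in the page source, so the image adds nothing against a script. This Python sketch keeps the word server-side and puts only a random, single-use token in the image URL; the in-memory store, the function names and the `id` parameter are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed in-memory store; a real site would keep this in server-side session state.
_CHALLENGES = {}
TTL_SECONDS = 300
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # look-alike characters left out


def weak_img_tag(word):
    """The pattern from the message: the answer travels in the query string."""
    return '<img src="dynamicimage.asp?word=%s">' % word


def issue_challenge(now=None):
    """Create a challenge and return (token, img_tag); the word stays on the server."""
    now = time.time() if now is None else now
    word = "".join(secrets.choice(ALPHABET) for _ in range(6))
    token = secrets.token_urlsafe(16)
    _CHALLENGES[token] = (word, now + TTL_SECONDS)
    return token, '<img src="dynamicimage.asp?id=%s">' % token


def word_for_image(token):
    """Lookup used by the image renderer; the word is only ever sent as pixels."""
    entry = _CHALLENGES.get(token)
    return entry[0] if entry else None


def verify(token, answer, now=None):
    """Single-use check: the token is consumed whether or not the answer is right."""
    now = time.time() if now is None else now
    entry = _CHALLENGES.pop(token, None)
    if entry is None:
        return False  # unknown or already used token
    word, expires = entry
    if now > expires:
        return False  # challenge expired
    # Constant-time comparison on bytes, case-insensitive for the user's benefit.
    return hmac.compare_digest(word.encode(), answer.strip().upper().encode())
```

Consuming the token on every attempt means a wrong guess forces a fresh image, which keeps a script from retrying against the same challenge.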