[FX.php List] RE: Security Concerns with FileMaker Website

Kevin Futter kfutter at sbc.melb.catholic.edu.au
Wed Jan 24 18:17:22 MST 2007


On 25/1/07 2:23 AM, "Stephen Knight" <stephen at fmwebschool.com> wrote:

> Hi Edward and John,
> 
> The reality is that while you can take precautions (JS de-obfuscation of
> email addresses for instance or even hyperlinks), there is no way to stop
> serving pages only to bots without blocking some percentage of real users.
> There are bot detecting scripts for PHP (based on the self-reported
> USER_AGENT variable) but some bots will masquerade as real browsers or just
> not report a user agent at all. Therefore at the current state of the web,
> the only reliable solution that has been found is the usage of a CAPTCHA (
> see http://en.wikipedia.org/wiki/CAPTCHA ) and there are some PHP packages
> such as PEAR::CAPTCHA to implement the image based authentication for you. I
> would suggest using something like this either before displaying your search
> results or when the user selects a link but instead of a redirect he has to
> verify that he is a real user.
> 

The problem with CAPTCHAs though is that they present accessibility problems
for people with vision impairments or cognitive disabilities. They can also
be intrusive for the user, which can often be a serious annoyance. And
ultimately they still end up "blocking some percentage of real users" who
struggle with the concept or its implementation.

-- 
Kevin Futter
Webmaster, St. Bernard's College
http://www.sbc.melb.catholic.edu.au/
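
The limitation of USER_AGENT-based bot detection described in the quoted message, shown as an added example that is not part of the original thread. The signature list, the sample requests and the helper name `classifyUserAgent` are all assumptions made for illustration.

```php
<?php
// Added example (not from the thread): a User-Agent based bot check of the
// kind the quoted message describes. Signatures and samples are constructed.

const BOT_SIGNATURES = ['bot', 'crawl', 'spider', 'slurp', 'curl', 'wget'];

/**
 * Classify a request from its self-reported User-Agent header.
 * Returns 'bot', 'unknown' (no header sent) or 'browser'.
 * On a live page the argument would be $_SERVER['HTTP_USER_AGENT'] ?? null.
 */
function classifyUserAgent(?string $userAgent): string
{
    $ua = strtolower(trim((string) $userAgent));
    if ($ua === '') {
        return 'unknown';   // header absent or empty: nothing to match on
    }
    foreach (BOT_SIGNATURES as $needle) {
        if (strpos($ua, $needle) !== false) {
            return 'bot';   // client announced itself as automated
        }
    }
    return 'browser';       // only means "no known signature matched"
}

// Constructed sample requests: [who actually sent it, User-Agent or null]
$firefox = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) '
         . 'Gecko/20061204 Firefox/2.0.0.1';
$samples = [
    ['honest crawler', 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'],
    ['real browser', $firefox],
    ['script sending a browser UA', $firefox],   // byte-identical to the real browser
    ['script sending no UA', null],
];

foreach ($samples as [$who, $ua]) {
    printf("%-28s => %s\n", $who, classifyUserAgent($ua));
}
```

The second and third samples carry the same header, so no rule based on this value alone can separate them, and rejecting the 'unknown' case also rejects real users whose proxy or privacy tool strips the header.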


