Adding Imagewords for security

ukndoit has asked for the wisdom of the Perl Monks concerning the following question:

I am just wondering how certain sites on their forms have those images that they have to type in the characters that is displayed in that image, to be able to post the form.

I have a client that on her contact us form I built, which does NOT put her email address in the code, someone keeps either using a script to post data to the form, or something. Anyhow, I am wanting to try to add something like that. I don't even know the correct term for what they call that, but is it possible to do that in Perl?

When I view the source code for those sites that do this, I don't see a hidden field to id the image name, so that they can look in the database for the associated image to make sure they are putting it correctly.

I don't even see an input tag to print the image, so how do they know if they put in correct characters in the form field? That is where I am confused. I Do not even see how the site knows which image it was that is printed.

I would really appreciate your wisdom on this.

Even if you can tell me the correct term for it, so I can use the Advanced search, and even use Google to find it.

Thank you very much Xav

Comment on Adding Imagewords for security

Replies are listed 'Best First'.
Re: Adding Imagewords for security by matija (Priest) on Apr 29, 2004 at 18:25 UTC
It's called captcha. Yes, you can do it in Perl. As for how they know which captcha they sent you, they probably set a cookie with a session ID, and then keep track of which captcha goes with which session. Sending the data about the captcha with the form would be a very bad idea. It would defeat the whole purpose. Look at CGI::Session to see how to do session management without sending all the data to the client's browser.	[reply]
Re: Adding Imagewords for security by ukndoit (Sexton) on Apr 29, 2004 at 18:31 UTC
hmm, using sessions would be the ideal way to do it! Excellent! Thank you much! Thank you very much Xav	[reply]
•Re: Adding Imagewords for security by merlyn (Sage) on Apr 29, 2004 at 19:00 UTC
See the previous thread, and beware being in violation of federal requirements. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Adding Imagewords for security by halley (Prior) on Apr 29, 2004 at 18:34 UTC
Please be aware that any "type the thing you see in this image" assumes that the client is fetching images, and further, that the client's user can actually see. Blind users use the web too, you know. -- `[ e d @ h a l l e y . c c ]`	[reply]
Re: Adding Imagewords for security by waswas-fng (Curate) on Apr 29, 2004 at 18:25 UTC
They may have tucked away the "password" that is exposed in the image and expected in the post data in the session store. That way they just look at the data submitted -- and if it does not match the expected string action is taken. -Waswas	[reply]