jQuery Qaptcha : do you think that this Captcha System is easily hackable?

匆匆过客 submitted on 2019-12-10 20:46:09

Question


http://www.myjqueryplugins.com/QapTcha/demo

This plugin looks so user friendly.
I'm afraid that once it gets popular it gets easily hackable.

Do you agree?


Answer 1:


Is the captcha the slider part? If so, yes, it would be trivial to bypass.

When you slide the slider all the way to the right it simply removes some arbitrary values from a hidden form field "iQpatcha". When you click submit this (with the rest of the form) gets bundled up and POSTed to the server.

Anyone with Fiddler will be able to capture a valid response (with empty iQpatcha field) and replay it with different form values.

The only secure forms of captcha are those that are dealt with completely on the server: an image is generated (on the server) and the POSTed value is checked server side to see if it matches. I can personally recommend reCaptcha and lots of high profile sites use it.




Answer 2:


I find Qaptcha nicely tricky. First, a hidden text field is given a random name, and filled with a random value. Then a session with the name of that field is created. During validation, the correct POST name must be set, but not filled. Bots would have to know not to fill out the form completely, and could not skip the form and go straight to the target.

I have found that reCaptcha has had to become increasingly incomprehensible to the average reader to thwart the bots. Having received many emails complaining that visitors could not complete their form because of reCaptcha, I tried implementing Qaptcha. So far, Qaptcha has been at least as reliable in stopping an acceptable amount of spam without confusing people.

Read more here: http://www.myjqueryplugins.com/QapTcha
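
The check answer 2 describes, modelled server-side next to a variant that consumes the challenge on first use and expires it, so the captured POST from answer 1 is rejected on resubmission. This is an added example, not part of either answer and not the plugin's code; the session layout, function names and `TOKEN_TTL` are assumptions, and whether QapTcha itself clears its session value is not stated on this page.

```python
import secrets
import time

TOKEN_TTL = 300  # seconds; constructed value, not taken from the plugin

def issue_challenge(session, now=None):
    """Slider completed: store a random field name in the server-side session."""
    field = secrets.token_hex(8)
    session["qaptcha"] = {"field": field, "issued": time.time() if now is None else now}
    return field

def check_reusable(session, post):
    """Answer 2's rule only: the named field must be present and empty."""
    ch = session.get("qaptcha")  # assumption: entry stays in place after the check
    return ch is not None and post.get(ch["field"]) == ""

def check_single_use(session, post, now=None):
    """Same rule, but the challenge is consumed on first use and expires."""
    ch = session.pop("qaptcha", None)  # consume before validating
    if ch is None:
        return False
    now = time.time() if now is None else now
    if now - ch["issued"] > TOKEN_TTL:
        return False
    return post.get(ch["field"]) == ""

def demo():
    """Run both checks against a constructed POST and a resubmission of it."""
    out = {}
    for name, check in (("reusable", check_reusable), ("single_use", check_single_use)):
        session = {}  # constructed stand-in for one visitor's session
        field = issue_challenge(session)
        captured = {"comment": "first post", field: ""}  # constructed form data
        replayed = dict(captured, comment="other values")
        out[name] = (check(session, captured), check(session, replayed))
    # A POST that never went through the slider has no session entry at all.
    out["no_challenge"] = check_single_use({}, {"comment": "direct post"})
    # A filled-in hidden field fails, as answer 2 describes.
    session = {}
    field = issue_challenge(session, now=1000.0)
    out["field_filled"] = check_single_use(session, {field: "bot text"}, now=1001.0)
    # An expired challenge fails even with the correct empty field.
    session = {}
    field = issue_challenge(session, now=1000.0)
    out["expired"] = check_single_use(session, {field: ""}, now=1000.0 + TOKEN_TTL + 1)
    return out

if __name__ == "__main__":
    print(demo())
```
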



Source: https://stackoverflow.com/questions/5564342/jquery-qaptcha-do-you-think-that-this-captcha-system-is-easily-hackable
