Re: [OctDev] Re: Oddmuse Passwords (was Re: Website Updates) (fwd)

[Miquel Cabanas]

(shame on me for not completing my self-imposed home work, it's a lame
excuse, but if it help to indulge on me... these are rather hectic
times)

On Fri, 2006-03-17 at 09:02 -0600, Joshua Rigler wrote:
> Maybe this has already been suggested/tried, but what about using some 
> sort of free/open source CAPTCHA program?

late January I contacted the author of the wiki server used by Octave
wiki about this issue. See below my message and his reply. Briefly, his
advice is against that sort of access control. Indeed, after doing some
research on the subject, I found that it's a bullet vs shield head to
head race, and that there's freely available code that defaces the
simpler ones, while the difficult ones are difficult too for humans. He
proposed instead,

1. blacklisting URL
2. smart questions asker extension, already available for his wiki
server. The asker distinguishes human from bots by posing a random
question chosen from a list. See the oddmuse link below for an example.

Miquel


-------- Forwarded Message --------
> From: Miquel Cabanas <address@hidden>
> Reply-To: address@hidden
> To: address@hidden
> Subject: catpcha perl implementation for oddmuse?
> Date: Fri, 20 Jan 2006 10:37:31 +0100 
> hi Alex,
> 
> several months ago, the Octave wiki page [1] was defaced by a spam bot
> [2]. This led the wiki administrators to lock the wiki site, which
> turned to be a good idea to prevent attacks but also discouraged users
> from contributing to the website [3].
> 
> I was about to post a message to the Octave list proposing to replace
> the current IP-based access control protocol with a CATPCHA based
> system, but I have just seen that catpcha is not yet implemented in
> Oddmuse, although it is being considered.
> 
> According to the Wikipedia, there are already two Perl packages
> implementing catpcha [4]. Do you think they could be used in Oddmuse?
> How difficult would be to include them in Oddmuse?
> 
> [1] http://wiki.octave.org/
> [2] http://users.isr.ist.utl.pt/~etienne/wiki.pl-defaced-edited.html
> [3] http://wiki.octave.org/wiki.pl?WikiDiscussion
> [4] http://en.wikipedia.org/wiki/Captcha#Perl
> 
> I look forward to hear your opinion before sending the message to the
> Octave community.


-------- Forwarded Message --------
> From: Alex Schroeder <address@hidden>
> To: address@hidden
> Subject: Re: catpcha perl implementation for oddmuse?
> Date: Fri, 20 Jan 2006 17:44:49 +0100 
> Personally, we've switched to blacklisting URLs.  That doesn't work
> for you?  Personally I dislike tests based on images because that
> locks out the blind and users of text browsers.  There's also the
> question asker extension which works with text only.  I like that
> one...
> 
> http://www.oddmuse.org/cgi-bin/oddmuse-en/QuestionAsker_Extension
> 


-------- Forwarded Message --------
> From: Miquel Cabanas <address@hidden>
> Reply-To: address@hidden
> To: Alex Schroeder <address@hidden>
> Subject: Re: catpcha perl implementation for oddmuse?
> Date: Fri, 20 Jan 2006 18:14:54 +0100 
> thanks for your reply. In the meanwhile, I've become more familiar with
> the pros and cons of the captcha approach, and have realised that the
> simple ones are also easy to deface while the hard ones can't be hard to
> solve also for humans. And yes, eye impaired people or those using text
> browsers are left out.
> 




-------------------------------------------------------------
Octave is freely available under the terms of the GNU GPL.

Octave's home on the web:  http://www.octave.org
How to fund new projects:  http://www.octave.org/funding.html
Subscription information:  http://www.octave.org/archive.html
-------------------------------------------------------------