5 Replies Latest reply on Aug 14, 2007 10:06 AM by rboutin

    Human Input Validation




      if "Human Input Validation" is activated (see http://www.jivesoftware.com/community/confirmation/imageconfirmationservlet ) one will see a captcha while registering or even while logged in.

      This captcha looks nice, but it has in my opinion some disadvantages:

      1. One can fetch the image more than one time and every version looks different but is using the same text - so if OCR fails for the first image then one can try it again and again with another one.

      2. All characters appear to be within one single line, separated from each other and only a little bit rotated.

      3. The same background for all captcha images - this makes it very easy to remove the background by calculating the difference.

      With a threshold value of 220 one will get a very nice black and white image of the text.

      So it will soon look like this:

      <img src="http://www.jivesoftware.com/community/servlet/JiveServlet/download/50240-2694/S4ORD5.png"/>


      So I feel free to suggest:

      1. Don't use a fixed background, a random background is much better. Noise or dither can be removed without much pain.

      2a. Use the full height and width of the image to display the characters, there's no need for a useless border.

      2b. Make sure that some characters overlap and use a rotation of +-45? together with the other techniques you currently use.

      2c. Use different fonts and colors, at least make sure not to use one of the standard fonts as OCR programs support these best.

      2d. Add some Webdings and Wingdings characters or other small images to the captcha.

      2e. Add some lines in the same color as the characters.

      3. Make sure that the image is generated only one time per registration.


      Maybe the ImageConfirmationServlet should create the session cookie, so it could care about the requests per minute and IP address and limit this.



        • Re: Human Input Validation

          Hey LG, thanks for the great feedback on the human input validation! This is great feedback on the feature.

            • Re: Human Input Validation

              Hi Greg,


              is it possible to specify some fonts (or a font directory) to use for the Captcha?

              There are a lot of free fonts available like "Zebra Parade" or "Zoomorphica" on for example http://www.fontasy.de/ . So I'd like to use them and limit the characters which are used within the Captcha as some fonts contain only "A-Z", no "a-z" and no numbers.

              Not sure if you have a configuration file where one can specify the installed fonts and available characters. Is it possible to limit the colors for the captcha and set a min. and max. font size? Limiting the distortion or warp of fonts may also be nice as some fonts look already very ugly.

              And I'd like to be able to specify fonts like "Zentraedi", "LitteBigMan" and similar fonts to confuse OCR tools.


              And I wonder if you have a directory for backgrounds? I thought that a sample background should be at least 2x the size of the Captcha size so the Servlet can move the background around to make the Captcha background more random. Dropping new backgrounds there should be quite easy.


              With so many user options (even if they are not in the Web GUI) it would be nice to have also a "Test Captchas" button to generate a page with a lot of Captchas and the text a user would need to enter. Just in case that some fonts get rendered too bad or some backgrounds are too evil.