At 12/2/2004 10:02 Thursday, AccuSpam wrote:
Specifically a probable way to block/disincentivize proxy display of the
image based turing test (challenge), is to serve the image and html for
page from HTTPS only. If the image is loaded by a proxy web page from a
2nd level domain different from 2nd level domain of image, then browser
will at least display a warning, so displaying the image on proxy page
will not go smoothly if at all. Attempting to submit by script (a
"hidden" small or obscured) frame (or window) from a proxy web page from a
different 2nd level domain will be denied by security error in browser:
Using a pretty simple PHP script, the CAPTCHA can be embedded into a new
image which is then delivered to the client, no matter if you use HTTP or
HTTPS; the final request from the client has nothing to do with the
original request to the CAPTCHA image.
Andreas
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg