captchagen

Discussion re sg development. You don't have to be a developer.

Postby josh » Wed Jan 07, 2004 3:53 am

I'll try those modules tomorrow....
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby josh » Fri Jan 09, 2004 4:19 am

I've got the modules installed on the mail machine. I've at least nominally got XMLRPC::Lite installed on the web machine, although I probably don't have all the dependencies in place. I'm pretty optimistic about that, though.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Login on web server

Postby SysKoll » Fri Jan 09, 2004 8:52 am

Josh,

Is it possible for me to obtain an ssh login on the web server (non-root of course) in order to test the client-server setup?

I can do some tests on my own machines, but as you know, there are always differences.
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

Postby josh » Mon Jan 12, 2004 11:35 pm

did you get the email I sent?
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby SysKoll » Tue Jan 13, 2004 12:31 am

Josh,

I got your email. I found a way (two, actually) to perform the remote call. Very busy, will append later. Sorry for being in short shrift mode.
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

Postby josh » Tue Jan 13, 2004 4:49 pm

far be it from me to think other people are too busy :)

I'll begin work on the UI for getting the address to send to.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

captcha server is ready

Postby SysKoll » Wed Jan 21, 2004 11:51 pm

Hello guys,

The captcha server is ready. I installed it on the web server in the ~sgserv/captchasrv-1.0 dir. Take a look at the README. It's currently running. Ping me if you cannot figure out how to use it.
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

Postby josh » Thu Jan 22, 2004 11:20 pm

it really works!

So, at the risk of appearing blockheaded (never stopped me before), I'd like to rough out how we make this work here.

cgserv (that's short for captchaserv) works like a web server and gives you a cool image in response to an http request that includes the word that will be contained in the image -- right?

the sg webserver would figure out what word it wants to use, then use lwp or something to make the request to cgserv and get the image -- it would then make up a name for the image file, save it on the webserver, and present it to the user as part of the sign-up page? That is, the user page image tag-url will go to a real image file on the spamgourmet webserver rather than to the cgserv url?
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby SysKoll » Fri Jan 23, 2004 3:22 am

cgserv (that's short for captchaserv) works like a web server and gives you a cool image in response to an http request that includes the word that will be contained in the image -- right?


Right.

the sg webserver would figure out what word it wants to use, then use lwp or something to make the request to cgserv and get the image -- it would then make up a name for the image file, save it on the webserver, and present it to the user as part of the sign-up page? That is, the user page image tag-url will go to a real image file on the spamgourmet webserver rather than to the cgserv url?


Yep, that's the principle. The captchaserv directory even has a file with a couple of perl routines to help pick the word.

My first reaction when I read your message was to think "Wait, why do we have that intermediate stage? Why do we have to slurp the captcha from cgserv to the web server instead of just putting the cgserv URL on the user registration page?" Well duh, of course: because right now, the cgserv URL contains the captcha word. Some security.

So with the current scheme, we have that intermediate stage (the captcha copied from cgserv to web server) which is a useless burden. Why not suppress it? Here is what I suggest. I modify the captchasrv code so that it makes up a random captcha file name and saves the captcha to that file. Then it returns the name of the file -- just the name -- to the caller on spruce.

Since the machine on which cgserv runs (gourmet) has its own HTTP server, all you now have to do to show that image to the user is to put the captcha URL (with the random name) in an image tag in the user registration page. Of course, cgserv has to put the captcha image in a web-accessible dir, clean up old images, etc. All things that would have to be coded on spruce in the current scheme anyway.

This would save some CPU and bandwidth.

Shall I do it?
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

Postby josh » Fri Jan 23, 2004 4:12 am

That'll work -- I'll set up images.spamgourmet.net to point to a folder in the sgserver directory for the images. Don't worry about cleanup right away if it's a pain, I can just do that manually every so often.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Good

Postby SysKoll » Fri Jan 23, 2004 5:24 pm

OK, let me know when images.spamgourmet.net is set up. Also, let me know the max size of the image directory. Automatic cleanup is simple, don't worry.
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

Postby josh » Fri Jan 23, 2004 11:37 pm

it's up. Don't worry about the size -- we can allocate gigs and gigs if need be.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

New version of captchasrv up and running

Postby SysKoll » Sun Jan 25, 2004 1:48 am

Guys,

The new version is up. See ~sgserv/captchasrv-1.1 on gourmet. It's currently running on its default port.
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

Postby maratheamit » Sun Jan 25, 2004 4:06 pm

The image file can be named after the username (rather than a randomly generated string). This will simplify debugging for registration issues.
maratheamit
 
Posts: 82
Joined: Fri Aug 29, 2003 2:35 pm

Postby SysKoll » Sun Jan 25, 2004 4:42 pm

Amit,

We already discussed that, I believe. I reread this thread, and there was a very interesting discussion around Nov 6. We decided that we would need to append the username with a random or timestamp suffix.

Josh, I draw your attention to Amit's idea for checking the quizword:

We can build a string by concatenating a secret key and the quizword returned by catchagen, create a hash, and send the hash to the user as a hidden value field. Without the secret key, the chances to find the right hash are pretty slim.


You don't really need the user name in the image name for debugging, because the captcha server returns the name of the generated image anyway. However, if you really think it's necessary, I could change the server to introduce this change - the calling convention would have to change too.
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

PreviousNext

Return to Developers

Who is online

Users browsing this forum: No registered users and 1 guest

cron