New CAPTCHA Services Being Reworked

by Jon Davis 2. August 2009 16:35

So a few posts back I mentioned CAPTCHAThisYo.com (CAPTCHA This, Yo!), a web site name that took me all of about 5 seconds of creative exploration to come up with, whereby I was inspired by ReCAPTCHA and other similar CAPTCHA services but wanted to provide a more diverse, multi-format CAPTCHA web site/service that exposed a number of various CAPTCHA algorithms that multiple web sites can use.

The prototype failed when I forgot that cross-site scripting blocked my prototype once I deployed it. I felt so stupid, I’ve been doing this stuff for over a decade and hadn’t paid attention to the browsers’ evolution of blocking cross-site script calls; stuff I was able to do years ago I can’t do anymore because of browser security constraints.

So I spent some time looking at various workarounds. First I looked at Flash as a client-side proxy, which had me stumped because it just plain wouldn’t work and wouldn’t provide any feedback. Then I discovered JSONP, which is what Yahoo!’s APIs use. This had me stumped, too, but see my previous post; it didn’t work, either, but that’s because the browser won’t perform lately-invoked script references from ‘localhost’. Once I got around that, I decided JSONP will be the cross-domain scripting method of choice.

I might be abandoning CAPTCHAThisYo.com, not because I want to abandon a CAPTCHA service but a) because it’s a ridiculous name, and b) because the scope changed. I figured out how to make the CAPTCHA algorithm a public-submissions based community without asking users to upload .NET interface-implementing assemblies to a server that runs stuff automatically. I also discovered that OpenCAPTCHA.org and OpenCAPTCHA.net are available, so I snagged those, and humanticate.com/humanticate.net (a word merge of “human” and “authenticate”) as well.

I spent this evening compiling a rough draft of a spec that I’ll post on OpenCAPTCHA.org, eventually have posted on OpenCAPTCHA.org. The rough draft doc has been written. The basic idea is simple: there are two (2) types of services, a Challenge service and a Challenge-Answer provider service. A Challenge-Answer provider service returns a JSON object consisting of a challenge (question, image, etc) and an answer (array of possible acceptable answers). This Challenge-Answer provider is invoked by either a Challenge service that passes the Challenge to the client that then passes the user’s answer to the consuming web site’s server that then calls the Challenge service to validate the answer, or by a web site’s server that retains the answer for validation on its own, without a Challenge server acting in the middle. The former is easier to implement, the latter is more performant.

So these are going to be the web site / service URLs:

http://www.opencaptcha.org/ – Will define the OpenCAPTCHA.org spec 
http://www.opencaptcha.net/ – Will expose a formal list of OpenCAPTCHA.org spec compliant service providers (Challenge services and Challenge-Answer provider services) 
http://www.humanticate.com/ – Will be a branded CAPTCHA service that complies with OpenCAPTCHA.org spec. CAPTCHA algorithms are proprietary. 
http://open.humanticate.com/ - Will be a community-driven sandbox of CAPTCHA providers where user-created algorithms can be rated and commented on.

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Computers and Internet | Web Development

CAPTCHA This, Yo! - Early Alpha

by Jon Davis 14. July 2009 01:54

I've posted a mini-subproject:

http://www.CAPTCHAThisYo.com/

The site is self-explanatory. The idea is simple. I want CAPTCHA. I don't want to support CAPTCHA in my apps. I just want to drop in a one-liner snippet somewhere and call it done. I think other people share the same desire. So I now support CAPTCHA as a CAPTCHA app. I did all the work for myself so that I don't have to do that work. I went through all that trouble so that I don't have to go through the trouble .... Wait, ...

Seriously, it's not typical CAPTCHA, and it's Not Quite Done Yet (TM). It's something that'll evolve. Right now there isn't even any hard-to-read graphic CAPTCHA.

But what I'd like to do is have an ever-growing CAPTCHA questions library and, by default, have it just rotate through them randomly. The questions might range from shape detection to riddles to basic math. I'd really like to have some kind of community uploads thingmajig with ratings, so that people can basically share their own CAPTCHA solutions and they all run inside the same captchathisyo.com CAPTCHA engine. I'm just not sure yet how to pull that off.

Theoretically, I could take the approach Microsoft took when C# was initially released (long, long ago, in a galaxy far, far away), they had a cool insect sandbox game where you could write a .NET class that implements some interface and then send it up to the server and it would just run as an insect on the server. The objective of the game was to write the biggest killer/eater. I'm not sure how feasible the idea is of opening up all .NET uploads to the server, but it's something I'm pondering on.

Anyway, the concept has been prototyped and the prototype has been deployed is sound, but I still need to work out cross-site scripting limitations, bear with me. I still need to find a designer to make something beautful out of it. That said, feel free to use it and give feedback. Stand by.

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

C# | Computers and Internet | Cool Tools | Pet Projects | Techniques | Web Development


 

Powered by BlogEngine.NET 1.4.5.0
Theme by Mads Kristensen

About the author

Jon Davis (aka "stimpy77") has been a programmer, developer, and consultant for web and Windows software solutions professionally since 1997, with experience ranging from OS and hardware support to DHTML programming to IIS/ASP web apps to Java network programming to Visual Basic applications to C# desktop apps.
 
Software in all forms is also his sole hobby, whether playing PC games or tinkering with programming them. "I was playing Defender on the Commodore 64," he reminisces, "when I decided at the age of 12 or so that I want to be a computer programmer when I grow up."

Jon was previously employed as a senior .NET developer at a very well-known Internet services company whom you're more likely than not to have directly done business with. However, this blog and all of jondavis.net have no affiliation with, and are not representative of, his former employer in any way.

Contact Me 


Tag cloud

Calendar

<<  October 2018  >>
MoTuWeThFrSaSu
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234

View posts in large calendar