Re: Registration Confirmation Page


From: Lowell Heddings (lowell_at_mindjunction.com)
Date: 12/08/04


Date: Wed, 08 Dec 2004 14:53:10 -0500

I agree. The best way to do this is to use a class to dynamically create
the image on the fly.

You would use a Session variable to store the text you are looking for,
and the Session variable would be used by the dynamicimage.aspx page to
know how to create the image. This simplifies the entire thing, removing
the need for any querystring elements.

There is an excellent article here that you should read:

http://www.codeproject.com/aspnet/CaptchaImage.asp

Lowell

Nicholas Paldino [.NET/C# MVP] wrote:
> Greg,
>
> I would recommend that you not do this. The reason is that if you use
> static images, which don't have a variance, and someone picks up on it, it
> will be easy to just map the sections of the image back to the number, and
> voilà! It's circumvented.
>
> Rather, I would recommend that you create the image on the server side,
> and then write the numbers. Then, you would apply a set of random
> transformations to the image to skew or alter the image in a way that would
> fool OCR, but not the human eye. This is better than your solution because
> each number doesn't have a static pattern that can be associated with that
> number.
>
> To do this, you can call the static FromImage method on the Graphics
> class, which will return a Graphics instance you can make calls to
> manipulate. Use the DrawString method to paint the numbers on the bitmap.
> Then you would use the same graphics instance to alter the bitmap.
>
> Once done, you would call the Save method on the Bitmap, and save the
> file to a local disk, or you can have an ASP.NET page stream the image
> directly to the client. In order to do this, you would have to have some
> sort of query string which would tell the page how to render the image
> (since the link is embedded in the IMG tag).
>
> Of course, this brings up a security issue again. You have to encrypt
> the query string in such a way that the value is not discernible by looking
> at it. I recommend you create an encryption key per session (based on the
> time, or the session id, or a combination of both, this can easily be done
> through hashing) and use that.
>
> Then, you have to embed the encrypted value on the page that is
> submitting the validation routine, so that when processing the page, you can
> compare what the user entered with what you showed them.
>
> Hope this helps.
>
>
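
The session-backed approach from Lowell's message, combined with the server-side drawing steps in the quoted reply, as an added example (not code from this thread or from the linked article). It assumes classic ASP.NET on .NET Framework 4.0 or later with System.Drawing; CaptchaHandler, the "CaptchaText" session key and IsValid are hypothetical names.

```csharp
using System;
using System.Drawing;
using System.Drawing.Drawing2D;
using System.Drawing.Imaging;
using System.IO;
using System.Security.Cryptography;
using System.Web;
using System.Web.SessionState;

// Hypothetical handler: the IMG tag points here with no query string at all.
public class CaptchaHandler : IHttpHandler, IRequiresSessionState
{
    private const string SessionKey = "CaptchaText"; // hypothetical key name
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // Fresh code per image request from a cryptographic RNG; the text
        // stays in server-side session state and is never sent to the client.
        byte[] raw = new byte[5];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string code = (BitConverter.ToUInt32(raw, 0) % 1000000).ToString("D6");
        context.Session[SessionKey] = code;

        using (var bmp = new Bitmap(180, 60))
        using (var g = Graphics.FromImage(bmp))
        using (var font = new Font("Arial", 28, FontStyle.Bold))
        using (var ms = new MemoryStream())
        {
            g.Clear(Color.White);
            // Per-request shear (-0.20 to +0.20) so a digit has no fixed pixel pattern.
            float shear = (raw[4] % 41 - 20) / 100f;
            using (var m = new Matrix(1, 0, shear, 1, 0, 0)) g.Transform = m;
            g.DrawString(code, font, Brushes.Black, 15, 8);
            bmp.Save(ms, ImageFormat.Png); // PNG encoding needs a seekable stream
            context.Response.ContentType = "image/png";
            context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
            ms.WriteTo(context.Response.OutputStream);
        }
    }

    // Called when the form is submitted. The stored value is single-use:
    // it is removed whether or not the answer matches.
    public static bool IsValid(HttpContext context, string userInput)
    {
        string expected = context.Session[SessionKey] as string;
        context.Session.Remove(SessionKey);
        return expected != null && userInput != null
            && string.Equals(expected, userInput.Trim(), StringComparison.Ordinal);
    }
}
```

A single shear is only a stand-in for the set of random transformations the quoted reply recommends.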


