[nycphp-talk] Captcha/Question
Michele Waldman
mmwaldman at nyc.rr.com
Wed Dec 24 17:26:00 EST 2008
The purpose of the captchas and security question is to prevent automated
login attempts and automated password guessing.
-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Tom Melendez
Sent: Wednesday, December 24, 2008 5:19 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Captcha/Question
On Wed, Dec 24, 2008 at 2:01 PM, Michele Waldman <mmwaldman at nyc.rr.com>
wrote:
> I see zencart moved from using a captcha to a security question.
>
Do you know why? (I'm asking, I don't know why either) Do they let
you enable one instead of the other?
>
>
> They only have a finite number of questions like "What is the color of a
> blue sky?"
>
Is it possible to add your own?
>
>
> Can't that be easily gotten around?
>
> You can just read the security question from the page and program the
> response for that question.
>
Well, the answer is per user, so you would have to know their answer
to begin with, right?
>
>
> Thoughts on captchas and security questions?
>
Well, either or both combined shouldn't define your security policy.
For example, if you're running on a shared host, or non-SSL your
"security" is very limited. What are you trying to protect against?
What is your concern?
With that said, I tend to like the multi-step process that involves both.
Tom
http://www.liphp.org
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show_participation.php
More information about the talk
mailing list