Capture feature? - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Capture feature?

Message

From

19/10/2010 11:39:03

William Kuhn
The Kuhn Group, Inc.
St Marys, Kansas, United States

19/10/2010 11:35:18

Dmitry Litvak
Massachusetts, United States

General information

Forum:

ASP.NET

Category:

Other

Title:

Re: Capture feature?

Environment versions

Environment:

C# 2.0

Miscellaneous

Thread ID:

01486121

Message ID:

01486137

Views:

>>>>>>>Hi,
>>>>>>>
>>>>>>>A customer mentioned to me that they would like to improve security of my ASP.NET application by adding the "capture" feature (this is what it sounded to me like on the phone). Has anybody done this feature? What is involved?
>>>>>>>
>>>>>>>TIA
>>>>>>
>>>>>>It is called CAPTCHA. This is what you get on some websites that show you a distorted graphic of text and request you type in what you read. It tries to keep automated programs from accessing your site or certain functionality.
>>>>>>
>>>>>>Some commercial versions of CAPTCHA type controls are available - Infragistics has one that I've used.
>>>>>>
>>>>>>I assume there are open source versions as well.
>>>>>
>>>>>Thank you, William. So they would have to enter this "distorted graphic" every time they submit something from my web application?! My customers will start the riots that will make the ones in France pale in comparison <g>
>>>>
>>>>It's not all that bad if you keep the captcha output reasonable. I think most controls allow you to specify what letters are output and whether it is case sensitive.
>>>>
>>>>If a user hits a page where they should be verified with a captcha control, verify them and set a session variable so they do not have to do it again for the session duration.
>>>
>>>Thank you. Maybe it can be made less "intrusive." My application allows users to submit work orders via web application (instead of telephone call). Most resist to switch from the telephone (since they have been doing it for a long time). So it is a challenge to make users start using the web application. With this Captcha feature the challenge will be doubled.
>>
>>
>>Are you using forms authentication to have them log into your web application (sounds like this is a must). If so, captcha really is redundant and unnecessary.
>
>Yes, I am using forms authentication. And I have a couple of other customers using the same application for a couple of years without any security problems. But this (new) customer is concerned (without knowing anything about ASP.NET forms authentication) that without Captcha they may have problems. If you have ideas of how to "show" them or "prove" to them that ASP.NET forms authentication is secure, please let me know.
>
>Thank you.

The point of forms authentication is to ensure a valid user via username and password (complex as necessary). This give you a more specific idea of who is using your site than captcha, which only ensures a human (probably) user.

This is kind of like doing a retinal scan on someone to verify their identity to open a door, but then having them knock 3 times for it to actually open.

____________________________________

Don't Tread on Me

Overthrow the federal government NOW!
____________________________________

Map

View

Click here to load this message in the networking platform