Captcha from LassoForge

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

Captcha from LassoForge

kimonostereo
Has anyone incorporated Captcha:secureauth-param that's posted at  
LassoForge?

I downloaded it, and while I understand how it works, I'm having a  
bit of trouble getting it incorporated into my form.

I've been having a small problem with spammers using our online  
application form!  Hopefully I can use this to thwart them. Or maybe  
some of you have better ideas on how to stop spammers from using the  
forms? I've made required fields but they just enter the same data in  
all the fields. Grrrr.

aloha
\\scott\\

------------
KimonoKitsy Studios LLC
Read our webcomic ~ nemu*nemu at:
http://nemu-nemu.com /



============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Doug Gentry
My low tech solution has been to add a text input field with a  
caption like "Type in the first word of this organization's name. It  
starts with a 'P'."

Then I test for "Piedmont" in the case of the Piedmont Choirs.  It  
was hard to see how an automated spam/hacking script could interpret  
it.  No trouble so far.

....Doug
On Oct 11, 2006, at 11:54 AM, Scott Yoshinaga wrote:

> Has anyone incorporated Captcha:secureauth-param that's posted at  
> LassoForge?
>
> I downloaded it, and while I understand how it works, I'm having a  
> bit of trouble getting it incorporated into my form.
>
> I've been having a small problem with spammers using our online  
> application form!  Hopefully I can use this to thwart them. Or  
> maybe some of you have better ideas on how to stop spammers from  
> using the forms? I've made required fields but they just enter the  
> same data in all the fields. Grrrr.
>
> aloha
> \\scott\\
>


---
Doug Gentry
Dynapolis & Southern Oregon University
p:  541-261-8501 / Toll Free: 888-490-0644
[hidden email]
www.dynapolis.com



============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Eric Browning-3
I've use it and it works quite well, it's on the registration section of
our alumni website http://alumni.jdchs.org/
--
Eric Browning

Doug Gentry wrote:

> My low tech solution has been to add a text input field with a caption
> like "Type in the first word of this organization's name. It starts
> with a 'P'."
>
> Then I test for "Piedmont" in the case of the Piedmont Choirs.  It was
> hard to see how an automated spam/hacking script could interpret it.  
> No trouble so far.
>
> ....Doug
> On Oct 11, 2006, at 11:54 AM, Scott Yoshinaga wrote:
>
>> Has anyone incorporated Captcha:secureauth-param that's posted at
>> LassoForge?
>>
>> I downloaded it, and while I understand how it works, I'm having a
>> bit of trouble getting it incorporated into my form.
>>
>> I've been having a small problem with spammers using our online
>> application form!  Hopefully I can use this to thwart them. Or maybe
>> some of you have better ideas on how to stop spammers from using the
>> forms? I've made required fields but they just enter the same data in
>> all the fields. Grrrr.
>>
>> aloha
>> \\scott\\
>>
>
>
> ---
> Doug Gentry
> Dynapolis & Southern Oregon University
> p:  541-261-8501 / Toll Free: 888-490-0644
> [hidden email]
> www.dynapolis.com
>
>
>
> ============================================
> Attend the Lasso Summit
> March 2-7, 2007 in Fort Lauderdale, FL
> http://www.LassoSummit.com/
> ============================================
>
> ------------------------------
> Lasso Support: http://support.omnipilot.com/
> Search the list archives: http://www.listsearch.com/lassotalk.lasso
> Manage your list subscription:
> http://www.listsearch.com/lassotalk.lasso?manage
>

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Lasso Based Traceroute?

Cory Robin-2
Has anyone ever done a lasso-based traceroute tag?

I need to let my users do a traceroute from thier terminal
to my lasso server.

Tks for any response or help

Cory.

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Lasso Based Traceroute?

James Harvard
Presumably you could just feed the value of client_ip to traceroute on the command line using either Passthru or the built in tag for this (I forget the name) in L8.5.
James

>Has anyone ever done a lasso-based traceroute tag?
>
>I need to let my users do a traceroute from thier terminal
>to my lasso server.
>
>Tks for any response or help

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Lasso Based Traceroute?

Bil Corry-3
In reply to this post by Cory Robin-2
Cory Robin wrote:
> Has anyone ever done a lasso-based traceroute tag?
>
> I need to let my users do a traceroute from thier terminal
> to my lasso server.

Well, you can probably use [os_process] to do a traceroute from you to them.  However, in order to do a traceroute from them to you via the browser, you'll need a Java applet that runs on their machine and performs the traceroute.  I don't know of any, but I'm sure there's probably someone who has created one.

- Bil


============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

kimonostereo
In reply to this post by Eric Browning-3
Hi Eric,

Can you please explain to me how to set it up if you have the time?
Is it simply calling a lasso page using an include?

thanks
\\scott\\

------------
KimonoKitsy Studios LLC
Read our webcomic ~ nemu*nemu at:
http://nemu-nemu.com /


On Oct 11, 2006, at 9:51 AM, Eric Browning wrote:

> I've use it and it works quite well, it's on the registration  
> section of our alumni website http://alumni.jdchs.org/
> --
> Eric Browning
>
> Doug Gentry wrote:
>> My low tech solution has been to add a text input field with a  
>> caption like "Type in the first word of this organization's name.  
>> It starts with a 'P'."
>>
>> Then I test for "Piedmont" in the case of the Piedmont Choirs.  It  
>> was hard to see how an automated spam/hacking script could  
>> interpret it.  No trouble so far.
>>
>> ....Doug
>> On Oct 11, 2006, at 11:54 AM, Scott Yoshinaga wrote:
>>
>>> Has anyone incorporated Captcha:secureauth-param that's posted at  
>>> LassoForge?
>>>
>>> I downloaded it, and while I understand how it works, I'm having  
>>> a bit of trouble getting it incorporated into my form.
>>>
>>> I've been having a small problem with spammers using our online  
>>> application form!  Hopefully I can use this to thwart them. Or  
>>> maybe some of you have better ideas on how to stop spammers from  
>>> using the forms? I've made required fields but they just enter  
>>> the same data in all the fields. Grrrr.
>>>
>>> aloha
>>> \\scott\\
>>>
>>
>>
>> ---
>> Doug Gentry
>> Dynapolis & Southern Oregon University
>> p:  541-261-8501 / Toll Free: 888-490-0644
>> [hidden email]
>> www.dynapolis.com
>>
>>
>>
>> ============================================
>> Attend the Lasso Summit
>> March 2-7, 2007 in Fort Lauderdale, FL
>> http://www.LassoSummit.com/
>> ============================================
>>
>> ------------------------------
>> Lasso Support: http://support.omnipilot.com/
>> Search the list archives: http://www.listsearch.com/lassotalk.lasso
>> Manage your list subscription: http://www.listsearch.com/ 
>> lassotalk.lasso?manage
>>
>
> ============================================
> Attend the Lasso Summit
> March 2-7, 2007 in Fort Lauderdale, FL
> http://www.LassoSummit.com/
> ============================================
>
> ------------------------------
> Lasso Support: http://support.omnipilot.com/
> Search the list archives: http://www.listsearch.com/lassotalk.lasso
> Manage your list subscription:  http://www.listsearch.com/ 
> lassotalk.lasso?manage
>


============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Eric Browning-3
Scott,

So on the registration page I have this:

<?LassoScript
var:'code'=(lasso_uniqueid);
var:'max_length'= 7;
var:'unreadable_chars'=(array:'o','O','0','2','z','Z','1','I','L','l');
var:'seed'='your-seed-here';
var:'code_encrypted'='';
                 
iterate:$unreadable_chars,(var:'current');
    $code->(replace($current,''));
/iterate;
                 
$code=($code->(substring:($code->length-$max_length),$max_length));
$code_encrypted=(encrypt_blowfish: $code, -seed=$seed);
?>
<input type="hidden" name="s" value="[$code_encrypted]">
<img src="/secureauth-param/secure_serve.lasso?s=[$code_encrypted]"
border="0" width="200" height="100">
<input name="picturecode" type="text" id="picturecode" size="24">
<input name="submit" type="submit" value="Submit">

The hidden field "s" contains the text equivalent of what's in the
picture except it's encrypted by blowfish to be passed onto the next page.

On the receiving page I have this:
<?lassoscript
// test the captcha code
var: 'seed'='your-seed-here';
var: 'code'= string: (decrypt_blowfish: (action_param: 's'), -seed=$seed);

// if the codes are qual then the answer to the captcha is correct
if:($code->(equals:(action_param:'picturecode'),-case));
    // the rest of your stuff in here
    'Yea!';
/if;
?>

I'm sure security could be improved but I haven't had time to address it
yet.  You have to make double sure somebody can't just download your
source as that would expose your seed.  One idea that just came to mind
is you could have a random character generator make up your seed for you
each time the page is called and even if they have your code the seed
will always be different, but you'll also have to figure out a way to
pass the seed securely too.  Just food for thought.
--
Eric Browning

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Bil Corry-3
Eric Browning wrote:
> I'm sure security could be improved but I haven't had time to address it
> yet.

Just note that a human could visit the site once, record the s value as "0659eb740c85f88b" and the solution as "ADQg583" and submit the form as many times as they wanted using those values.  Adding a time component into the encrypted s value could instead render the solution invalid after say, 15 minutes.

An even better solution would be to pass all that information on the backend via sessions.  As long as you record that the form was submitted inside the session (and not allow it a second time), it would force the bot to generate a new session for each form submission and would trigger a new CAPTCHA to solve.

And FWIW, there doesn't exist a system that is 100% fool-proof as human mules can be deployed to crack any CAPTCHA:

http://www.boingboing.net/2004/01/27/solving_and_creating.html


- Bil


============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Eric Browning-3
Yes, no system is hack proof, and that site was done in less than a
week, I'll have to revisit it later.

I do think this is an awesome captcha concept:
http://hotcaptcha.com/
--
Eric Browning

Bil Corry wrote:

> Eric Browning wrote:
>> I'm sure security could be improved but I haven't had time to address
>> it yet.
>
> Just note that a human could visit the site once, record the s value
> as "0659eb740c85f88b" and the solution as "ADQg583" and submit the
> form as many times as they wanted using those values.  Adding a time
> component into the encrypted s value could instead render the solution
> invalid after say, 15 minutes.
>
> An even better solution would be to pass all that information on the
> backend via sessions.  As long as you record that the form was
> submitted inside the session (and not allow it a second time), it
> would force the bot to generate a new session for each form submission
> and would trigger a new CAPTCHA to solve.
>
> And FWIW, there doesn't exist a system that is 100% fool-proof as
> human mules can be deployed to crack any CAPTCHA:
>
> http://www.boingboing.net/2004/01/27/solving_and_creating.html
>
>
> - Bil
>
>
> ============================================
> Attend the Lasso Summit
> March 2-7, 2007 in Fort Lauderdale, FL
> http://www.LassoSummit.com/
> ============================================
>
> ------------------------------
> Lasso Support: http://support.omnipilot.com/
> Search the list archives: http://www.listsearch.com/lassotalk.lasso
> Manage your list subscription:  
> http://www.listsearch.com/lassotalk.lasso?manage
>

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

kimonostereo
In reply to this post by Eric Browning-3
Thanks for this Eric!

I was trying it out but for some reason each time I go to the page  
with the captcha in it my Lasso Security prompts me for a user name  
and password. Do you know why this is happening and how to fix it?

Sorry for being such a noob...
:-(

------------
KimonoKitsy Studios LLC
Read our webcomic ~ nemu*nemu at:
http://nemu-nemu.com /


On Oct 11, 2006, at 11:30 AM, Eric Browning wrote:

> Scott,
>
> So on the registration page I have this:
>
> <?LassoScript
> var:'code'=(lasso_uniqueid);
> var:'max_length'= 7;
> var:'unreadable_chars'=
> (array:'o','O','0','2','z','Z','1','I','L','l');
> var:'seed'='your-seed-here';
> var:'code_encrypted'='';
>                 iterate:$unreadable_chars,(var:'current');
>    $code->(replace($current,''));
> /iterate;
>                 $code=($code->(substring:($code->length-
> $max_length),$max_length));
> $code_encrypted=(encrypt_blowfish: $code, -seed=$seed);
> ?>
> <input type="hidden" name="s" value="[$code_encrypted]">
> <img src="/secureauth-param/secure_serve.lasso?s=[$code_encrypted]"  
> border="0" width="200" height="100">
> <input name="picturecode" type="text" id="picturecode" size="24">
> <input name="submit" type="submit" value="Submit">
>
> The hidden field "s" contains the text equivalent of what's in the  
> picture except it's encrypted by blowfish to be passed onto the  
> next page.
>
> On the receiving page I have this:
> <?lassoscript
> // test the captcha code
> var: 'seed'='your-seed-here';
> var: 'code'= string: (decrypt_blowfish: (action_param: 's'), -seed=
> $seed);
>
> // if the codes are qual then the answer to the captcha is correct
> if:($code->(equals:(action_param:'picturecode'),-case));
>    // the rest of your stuff in here
>    'Yea!';
> /if;
> ?>
>
> I'm sure security could be improved but I haven't had time to  
> address it yet.  You have to make double sure somebody can't just  
> download your source as that would expose your seed.  One idea that  
> just came to mind is you could have a random character generator  
> make up your seed for you each time the page is called and even if  
> they have your code the seed will always be different, but you'll  
> also have to figure out a way to pass the seed securely too.  Just  
> food for thought.
> --
> Eric Browning
>
> ============================================
> Attend the Lasso Summit
> March 2-7, 2007 in Fort Lauderdale, FL
> http://www.LassoSummit.com/
> ============================================
>
> ------------------------------
> Lasso Support: http://support.omnipilot.com/
> Search the list archives: http://www.listsearch.com/lassotalk.lasso
> Manage your list subscription:  http://www.listsearch.com/ 
> lassotalk.lasso?manage
>


============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Eric Browning-3
No problem Scott, everybody has to start somewhere.  If I remember
correctly (last year) I think it's because secure-auth wants to write
the image as a file to /tmp (in mac os x anyway), you should look in
lasso's serveradmin to see if you have permissions set correctly.  You
might also be able to encase it in an inline with a lasso admin
username/password and a -nothing as an action so it authorizes the file
writing.
--
Eric Browning

Scott Yoshinaga wrote:

> Thanks for this Eric!
>
> I was trying it out but for some reason each time I go to the page
> with the captcha in it my Lasso Security prompts me for a user name
> and password. Do you know why this is happening and how to fix it?
>
> Sorry for being such a noob...
> :-(
>
> ------------
> KimonoKitsy Studios LLC
> Read our webcomic ~ nemu*nemu at:
> http://nemu-nemu.com /

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Eric Browning-3
In reply to this post by kimonostereo
OH I think I remember now, check on the permissions for the file_serve
tag as well.
--
Eric Browning

Scott Yoshinaga wrote:

> Thanks for this Eric!
>
> I was trying it out but for some reason each time I go to the page
> with the captcha in it my Lasso Security prompts me for a user name
> and password. Do you know why this is happening and how to fix it?
>
> Sorry for being such a noob...
> :-(
>
> ------------
> KimonoKitsy Studios LLC
> Read our webcomic ~ nemu*nemu at:
> http://nemu-nemu.com /

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

kimonostereo
thanks for the tip!
I'm in my lasso admin but I don't see the file_serve tag? Im on Lasso  
7 still as I haven't upgraded yet.
Also I can't figure out what to do in the security section to get  
that folder permissions to work?

What's interesting is i'm using a lasso script that is doing  
something similar to this to convert email addresses into images  
instead of text and it never asked for a username/pass when used. :-/

------------
KimonoKitsy Studios LLC
Read our webcomic ~ nemu*nemu at:
http://nemu-nemu.com /


On Oct 11, 2006, at 1:45 PM, Eric Browning wrote:

> OH I think I remember now, check on the permissions for the  
> file_serve tag as well.
> --
> Eric Browning
>
> Scott Yoshinaga wrote:
>> Thanks for this Eric!
>>
>> I was trying it out but for some reason each time I go to the page  
>> with the captcha in it my Lasso Security prompts me for a user  
>> name and password. Do you know why this is happening and how to  
>> fix it?
>>
>> Sorry for being such a noob...
>> :-(
>>
>> ------------
>> KimonoKitsy Studios LLC
>> Read our webcomic ~ nemu*nemu at:
>> http://nemu-nemu.com /
>
> ============================================
> Attend the Lasso Summit
> March 2-7, 2007 in Fort Lauderdale, FL
> http://www.LassoSummit.com/
> ============================================
>
> ------------------------------
> Lasso Support: http://support.omnipilot.com/
> Search the list archives: http://www.listsearch.com/lassotalk.lasso
> Manage your list subscription:  http://www.listsearch.com/ 
> lassotalk.lasso?manage
>


============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Steffan A. Cline
In reply to this post by Bil Corry-3
Sessions don't work. Johan and I tried that. It turned into a race condition
to see if the session data could be added before the image tried to draw on
it. No luck there. I'll be looking at other options.


Thanks

Steffan

---------------------------------------------------------------
T E L  6 0 2 . 5 7 9 . 4 2 3 0 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
Steffan A. Cline
[hidden email]                             Phoenix, Az
http://www.ExecuChoice.net                                  USA
AIM : SteffanC          ICQ : 57234309
                                  Lasso Partner Alliance Member
---------------------------------------------------------------



> From: Bil Corry <[hidden email]>
> Reply-To: <[hidden email]>
> Date: Wed, 11 Oct 2006 14:51:24 -0700
> To: <[hidden email]>
> Subject: Re: Captcha from LassoForge
>
> Eric Browning wrote:
>> I'm sure security could be improved but I haven't had time to address it
>> yet.
>
> Just note that a human could visit the site once, record the s value as
> "0659eb740c85f88b" and the solution as "ADQg583" and submit the form as many
> times as they wanted using those values.  Adding a time component into the
> encrypted s value could instead render the solution invalid after say, 15
> minutes.
>
> An even better solution would be to pass all that information on the backend
> via sessions.  As long as you record that the form was submitted inside the
> session (and not allow it a second time), it would force the bot to generate a
> new session for each form submission and would trigger a new CAPTCHA to solve.
>
> And FWIW, there doesn't exist a system that is 100% fool-proof as human mules
> can be deployed to crack any CAPTCHA:
>
> http://www.boingboing.net/2004/01/27/solving_and_creating.html
>
>
> - Bil
>
>
> ============================================
> Attend the Lasso Summit
> March 2-7, 2007 in Fort Lauderdale, FL
> http://www.LassoSummit.com/
> ============================================
>
> ------------------------------
> Lasso Support: http://support.omnipilot.com/
> Search the list archives: http://www.listsearch.com/lassotalk.lasso
> Manage your list subscription:
> http://www.listsearch.com/lassotalk.lasso?manage



============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Eric Browning-3
In reply to this post by kimonostereo
you'll find it in security I think.  It's been a while since I worked
with LP7.

Scott Yoshinaga wrote:

> thanks for the tip!
> I'm in my lasso admin but I don't see the file_serve tag? Im on Lasso
> 7 still as I haven't upgraded yet.
> Also I can't figure out what to do in the security section to get that
> folder permissions to work?
>
> What's interesting is i'm using a lasso script that is doing something
> similar to this to convert email addresses into images instead of text
> and it never asked for a username/pass when used. :-/
>
> ------------
> KimonoKitsy Studios LLC
> Read our webcomic ~ nemu*nemu at:
> http://nemu-nemu.com /
>
>
> On Oct 11, 2006, at 1:45 PM, Eric Browning wrote:
>
>> OH I think I remember now, check on the permissions for the
>> file_serve tag as well.
>> --
>> Eric Browning
>>
>> Scott Yoshinaga wrote:
>>> Thanks for this Eric!
>>>
>>> I was trying it out but for some reason each time I go to the page
>>> with the captcha in it my Lasso Security prompts me for a user name
>>> and password. Do you know why this is happening and how to fix it?
>>>
>>> Sorry for being such a noob...
>>> :-(
>>>
>>> ------------
>>> KimonoKitsy Studios LLC
>>> Read our webcomic ~ nemu*nemu at:
>>> http://nemu-nemu.com /
>>
>> ============================================
>> Attend the Lasso Summit
>> March 2-7, 2007 in Fort Lauderdale, FL
>> http://www.LassoSummit.com/
>> ============================================
>>
>> ------------------------------
>> Lasso Support: http://support.omnipilot.com/
>> Search the list archives: http://www.listsearch.com/lassotalk.lasso
>> Manage your list subscription:  
>> http://www.listsearch.com/lassotalk.lasso?manage
>>
>
>
> ============================================
> Attend the Lasso Summit
> March 2-7, 2007 in Fort Lauderdale, FL
> http://www.LassoSummit.com/
> ============================================
>
> ------------------------------
> Lasso Support: http://support.omnipilot.com/
> Search the list archives: http://www.listsearch.com/lassotalk.lasso
> Manage your list subscription:
> http://www.listsearch.com/lassotalk.lasso?manage
>

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Bil Corry-3
In reply to this post by Steffan A. Cline
Steffan A. Cline wrote:
> Sessions don't work. Johan and I tried that. It turned into a race condition
> to see if the session data could be added before the image tried to draw on
> it. No luck there. I'll be looking at other options.

I'm not sure I understand.  Don't you generate the random string, place it into the session and have the browser load the image?  Where does the race condition come in?

Unfortunately, the image tags don't work on my XP dev machine, so I'm having to use my imagination.

- Bil


============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Steffan A. Cline
I tried on page load to generate a code and put it into a session. Then the
body of the captcha hits where it calls a lasso page to generate the image.
The code that generates the image on the fly has bombed out where because it
is hitting at the same time the magic code does not make it into the session
before the image calls it.


Thanks

Steffan

---------------------------------------------------------------
T E L  6 0 2 . 5 7 9 . 4 2 3 0 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
Steffan A. Cline
[hidden email]                             Phoenix, Az
http://www.ExecuChoice.net                                  USA
AIM : SteffanC          ICQ : 57234309
                                  Lasso Partner Alliance Member
---------------------------------------------------------------



> From: Bil Corry <[hidden email]>
> Reply-To: <[hidden email]>
> Date: Wed, 11 Oct 2006 23:17:38 -0700
> To: <[hidden email]>
> Subject: Re: Captcha from LassoForge
>
> Steffan A. Cline wrote:
>> Sessions don't work. Johan and I tried that. It turned into a race condition
>> to see if the session data could be added before the image tried to draw on
>> it. No luck there. I'll be looking at other options.
>
> I'm not sure I understand.  Don't you generate the random string, place it
> into the session and have the browser load the image?  Where does the race
> condition come in?
>
> Unfortunately, the image tags don't work on my XP dev machine, so I'm having
> to use my imagination.
>
> - Bil
>
>
> ============================================
> Attend the Lasso Summit
> March 2-7, 2007 in Fort Lauderdale, FL
> http://www.LassoSummit.com/
> ============================================
>
> ------------------------------
> Lasso Support: http://support.omnipilot.com/
> Search the list archives: http://www.listsearch.com/lassotalk.lasso
> Manage your list subscription:
> http://www.listsearch.com/lassotalk.lasso?manage



============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Eric Browning-3
Have you tried to put in something like sleep: 1000; between the
sessions start and image generation?  I often build in a little buffer
since it always seems to me that to start a lasso session is take a
little bit extra time to write the session data to the sessions db.
--
Eric Browning

Steffan A. Cline wrote:

> I tried on page load to generate a code and put it into a session. Then the
> body of the captcha hits where it calls a lasso page to generate the image.
> The code that generates the image on the fly has bombed out where because it
> is hitting at the same time the magic code does not make it into the session
> before the image calls it.
>
>
> Thanks
>
> Steffan
>
> ---------------------------------------------------------------
> T E L  6 0 2 . 5 7 9 . 4 2 3 0 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
> Steffan A. Cline
> [hidden email]                             Phoenix, Az
> http://www.ExecuChoice.net                                  USA
> AIM : SteffanC          ICQ : 57234309
>                                   Lasso Partner Alliance Member
> ---------------------------------------------------------------
>
>
>
>  
>> From: Bil Corry <[hidden email]>
>> Reply-To: <[hidden email]>
>> Date: Wed, 11 Oct 2006 23:17:38 -0700
>> To: <[hidden email]>
>> Subject: Re: Captcha from LassoForge
>>
>> Steffan A. Cline wrote:
>>    
>>> Sessions don't work. Johan and I tried that. It turned into a race condition
>>> to see if the session data could be added before the image tried to draw on
>>> it. No luck there. I'll be looking at other options.
>>>      
>> I'm not sure I understand.  Don't you generate the random string, place it
>> into the session and have the browser load the image?  Where does the race
>> condition come in?
>>
>> Unfortunately, the image tags don't work on my XP dev machine, so I'm having
>> to use my imagination.
>>
>> - Bil
>>
>>
>> ============================================
>> Attend the Lasso Summit
>> March 2-7, 2007 in Fort Lauderdale, FL
>> http://www.LassoSummit.com/
>> ============================================
>>
>> ------------------------------
>> Lasso Support: http://support.omnipilot.com/
>> Search the list archives: http://www.listsearch.com/lassotalk.lasso
>> Manage your list subscription:
>> http://www.listsearch.com/lassotalk.lasso?manage
>>    
>
>
>
> ============================================
> Attend the Lasso Summit
> March 2-7, 2007 in Fort Lauderdale, FL
> http://www.LassoSummit.com/
> ============================================
>
> ------------------------------
> Lasso Support: http://support.omnipilot.com/
> Search the list archives: http://www.listsearch.com/lassotalk.lasso
> Manage your list subscription:  
> http://www.listsearch.com/lassotalk.lasso?manage
>
>  

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Captcha from LassoForge

Fletcher Sandbeck
In reply to this post by Steffan A. Cline
On 2006-10-12 at 22:28 by [hidden email] (Steffan A. Cline):

>I tried on page load to generate a code and put it into a session. Then the
>body of the captcha hits where it calls a lasso page to generate the image.
>The code that generates the image on the fly has bombed out where because it
>is hitting at the same time the magic code does not make it into the session
>before the image calls it.

It seems like that should work since the page is fully generated, and the session committed, before the browser requests the image, but I know that it can be tricky to use sessions to transfer data between pages which are loaded concurrently.

I worked around a similar problem when I created the Serve.LassoApp that was in a recent tip of the week.  I ended up using the [Serve] tag to insert a value into a global map.  This value was then immediately available when the image was loaded.  It was easier to get all the concurrent accesses straight with the global map.

The value in this case is actually a custom type instance which can provide image data from several different sources, not necessarily the image data itself.  This works pretty well for FileMaker data sources since the image data need only be fetched when it is actually served.

Serving Images From FileMaker Container Fields and MySQL BLOB Fields
<http://www.omnipilot.com/TotW.1768.9177.lasso>

[fletcher]
--
Fletcher Sandbeck                         [hidden email]
Director of Product Development       http://www.lassostudio.com
OmniPilot Software, Inc.                http://www.omnipilot.com

============================================
Attend the Lasso Summit
March 2-7, 2007 in Fort Lauderdale, FL
http://www.LassoSummit.com/
============================================

------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage