On 4/17/05, Frank Wiles [email protected] wrote:
It would be valid, but any captcha implementation worth its salt doesn't use flat file images. It generates a random name for the image and serves it up to the client.
Here is how it works:
Choose random captcha that happens to say "FooBar" which is in foobar.jpg.
Tell browser to load /images/AlkjsdfH293sdfhjh2234kjh.jpg
Have a system in place that, in the background, serves up foobar.jpg when asked for /images/AlkjsdfH293sdfhjh2234kjh.jpg
This keeps bots like you were thinking from working, because each time the filename is different.
I had thought he was planning on using the whole file as the key to his cache, not merely the file-name. But articles I have read on generating captchas recommend generating one-off captchas. You have a graphics library that takes one of the words on your wordlist, frobs it randomly, and produces a one-off image. You can even call the image generator captcha.png all the time, and let your session layer keep track of who got which word.
http://search.cpan.org/~unrtst/Authen-Captcha-1.023/Captcha.pm
for instance, uses the GD library to generate images as needed.
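
Added example, not part of the original thread and not Authen::Captcha's code: a sketch of the server-side bookkeeping both messages describe, where a random image name maps back to the chosen word and the session layer records who got which word. `CaptchaStore`, its method names, the wordlist and the 300-second lifetime are hypothetical; rendering the distorted image from the returned word is left to a graphics library.

```python
import hmac
import secrets
import time

WORDS = ["foobar", "mod_perl", "apache", "session"]  # constructed sample wordlist
TTL_SECONDS = 300  # assumed challenge lifetime


class CaptchaStore:
    """Server-side state: which session was shown which word (hypothetical helper)."""

    def __init__(self, words=WORDS, ttl=TTL_SECONDS, clock=time.time):
        self.words, self.ttl, self.clock = words, ttl, clock
        self.by_session = {}  # session_id -> (word, image_token, expires_at)
        self.by_token = {}    # image_token -> session_id

    def issue(self, session_id):
        """Pick a word for this session and return a fresh, unguessable image name."""
        self._drop(session_id)  # only one live challenge per session
        word = secrets.choice(self.words)
        token = secrets.token_urlsafe(18)
        self.by_session[session_id] = (word, token, self.clock() + self.ttl)
        self.by_token[token] = session_id
        return f"/images/{token}.jpg"

    def word_for_image(self, path):
        """Image handler: map the random name back to the word to render, or None."""
        token = path.removeprefix("/images/").removesuffix(".jpg")
        entry = self.by_session.get(self.by_token.get(token))
        if entry is None or entry[2] < self.clock():
            return None
        return entry[0]

    def check(self, session_id, answer):
        """Single-use check: the challenge is consumed whether or not the answer matches."""
        entry = self.by_session.get(session_id)
        self._drop(session_id)
        if entry is None or entry[2] < self.clock():
            return False
        return hmac.compare_digest(entry[0].encode(), answer.strip().lower().encode())

    def _drop(self, session_id):
        entry = self.by_session.pop(session_id, None)
        if entry:
            self.by_token.pop(entry[1], None)
```

Because the word is never sent to the client and each challenge is dropped on the first answer, a replayed image name or a second guess against the same challenge fails.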