http://qs321.pair.com?node_id=604278


in reply to howto: Perl CGI, image with random scewed text for account creations

There's also GD::SecurityImage which requires that you have GD installed (obviously), we've used this in a couple of production apps for CAPTCHA purposes. The usability thing is a concern tho with this Text-in-image approach, would be interested in hearing how others attack an audio alternative

Replies are listed 'Best First'.
Re^2: howto: Perl CGI, image with random scewed text for account creations
by skazat (Chaplain) on Mar 13, 2007 at 03:20 UTC

    Actually, (and oddly), GD::SecurityImage also has support for an Image::Magick backend as well. You're probably better off using the GD backend. The amount of support for fiddling with the image'd text is pretty low though, and probably fairly easy to crack. The included font with the package is pretty well suited for this application, though.

    I personally have used this module for CAPTCHA work on my web app and also have had requests for an audio-version of the CAPTCHA image. I've been looking at the Authen::PluggableCaptcha module, but there's no audio support for it, yet. Sigh.

     

    -justin simoni
    skazat me

      Hi, I' m the author of GD::SecurityImage. Image::Magick was an early addition and it was a request from someone else. It does not use the full power of Image::Magick (which is far more powerful than GD, but slower) and is merely a compatibility layer. You can use several different fonts and randomly changing styles/particles/scramble to make it hard for OCRs. But it may be possible to crack.. I don't know (I got zero feedback on this subject).

      I didn't like Authen::Captcha' s approach with "graphic letters" and it's lack of plug-ability. It has it's own flat file database, while I prefer DB & sessions. I also like Tim Toady ;) I've added a sample part to show the generated images: GD::SecurityImage