cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeroen Reijn <j.re...@hippo.nl>
Subject Re: Defending web applications against dictionary attacks
Date Fri, 07 Jul 2006 09:46:12 GMT
Hi Andrew,

Andrew Madu wrote:
> 
> 1. In my xml validations definitions file:
> 
>         <fd:captcha id="f1" required="true">
>           <fd:label>Copy the number shown into the input field</fd:label>
>           <fd:datatype base="string"/>
>           <fd:validation>
>             <fd:captcha/>
>           </fd:validation>
>         </fd:captcha>

According to the samples in cocoon 2.1.9 this is correct.

> 2. In my jxt file:
> 
>         <ft:widget id="f1">
>             <fi:styling listbox-size="30" class="keyinbox"/>
>          </ft:widget>

Yep seems fine.

> 
> When I submit the form the validation works, 
> validation.captcha.mismatch, the only problem being that I don't know 
> how to display the generated captcha image that needs to be entered!!! 
> Do you or anyone else know how to do this?

Yes you can find this in the samples when you build cocoon 2.1.9.

> 
> Secondly is it possible to set properties of the captchareader in the 
> sitemap so as to control the height, width, background color, font type 
> etc etc etc of the captcha image and if so how can I do that?

Yes it is. I you use an SVG for the captcha image you can modify all these properties.

You will have to have something like this in your sitemap:

     <!--
        | Generate the CAPTCHA image. Any type of generator can be used here,
        | as long as it reads the string to display from the session
        | attribute named "captcha-{1}".
        | Using an SVG file as input requires that the Batik block be
        | included in the build.
        -->
     <map:match pattern="captcha-*.jpg">
       <map:generate type="jx" src="captcha-image.xml">
         <map:parameter name="value" value="{session-attr:captcha-{1}}"/>
       </map:generate>
       <map:serialize type="svg2jpeg"/>
     </map:match>

With the following captcha-image.xml

<svg width="210" height="75">
     <defs>
         <filter id="blur2">
             <feGaussianBlur stdDeviation="2"/>
         </filter>
     </defs>
      <g id="imagegroup">
         <text style="fill:#0086B3;font-size:42;font-family:Courier;filter:url(#blur2);"
x="0" 
y="48">#{$cocoon/parameters/value}</text>
      </g>
</svg>

I hope this helps you out a bit more. It's best if you take a look at the samples in Cocoon.
It will give you a nice 
code overview of how to enable captcha for you website.

Regards,

Reijn


> 
> regards
> 
> Andrew
> 
> On 07/07/06, *Antonio Gallardo* <agallardo@agssa.net 
> <mailto:agallardo@agssa.net>> wrote:
> 
>     Andrew Madu escribió:
>      > Hi,
>      > just wanted to know what you guys thoughts are on this issue and how,
>      > if at all, you handle it with your own sites?
>     CAPTCHA [1] might help. BTW, there is built-in support in cocoon. See
>     samples here: [2] [3].
> 
>     Best Regards,
> 
>     Antonio Gallardo.
>      >
>      > regards
>      >
>      > Andrew
> 
>     [1] http://en.wikipedia.org/wiki/Captcha
>     [2]
>     http://cocoon.zones.apache.org/demos/21branch/samples/blocks/captcha/welcome
>     [3]
>     http://cocoon.zones.apache.org/demos/21branch/samples/blocks/forms/captcha/
> 
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>     <mailto:users-unsubscribe@cocoon.apache.org>
>     For additional commands, e-mail: users-help@cocoon.apache.org
>     <mailto:users-help@cocoon.apache.org>
> 
> 

-- 
Met vriendelijke groet,
Kind regards,

Jeroen Reijn

Hippo

Oosteinde 11
1017WT Amsterdam
The Netherlands
Tel  +31 (0)20 5224466


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message