Comments on: CAPTCHA in Flex - Running Example http://www.flexer.info/2007/11/01/captcha-in-flex-running-example/ flex developers web corner Sat, 22 Nov 2008 00:27:01 +0000 http://wordpress.org/?v=abc By: Andrei Ionescu http://www.flexer.info/2007/11/01/captcha-in-flex-running-example/#comment-897 Andrei Ionescu Wed, 05 Nov 2008 13:53:37 +0000 http://www.flexer.info/2007/11/01/running-example/#comment-897 Phil, thank you for comment. The Flex/Flash Captcha is not the same as one used in HTML forms. In HTML you need use it server-side because a script can automatically submit data to the form's action URL (which is visible). In case of Flex/Flash to be able to submit to a web service (web service that is not easily visible) you need either to use a script that graphically recognizes inputs in flash player either to know, from inside, the web service and how to use it (which can be secured easily). This CAPTCHA is for graphically advanced scripts that can read screens, can recognize inputs and automatically submit data into it. And YES for some people the security is increased if they see a CAPTCHA. Even though using Flex/Flash client-side to interact with the server-side do not require such thing being itself secure enough. Phil, thank you for comment. The Flex/Flash Captcha is not the same as one used in HTML forms.

In HTML you need use it server-side because a script can automatically submit data to the form’s action URL (which is visible).

In case of Flex/Flash to be able to submit to a web service (web service that is not easily visible) you need either to use a script that graphically recognizes inputs in flash player either to know, from inside, the web service and how to use it (which can be secured easily).

This CAPTCHA is for graphically advanced scripts that can read screens, can recognize inputs and automatically submit data into it.

And YES for some people the security is increased if they see a CAPTCHA. Even though using Flex/Flash client-side to interact with the server-side do not require such thing being itself secure enough.

]]> By: Phil http://www.flexer.info/2007/11/01/captcha-in-flex-running-example/#comment-895 Phil Wed, 05 Nov 2008 06:26:56 +0000 http://www.flexer.info/2007/11/01/running-example/#comment-895 I'll grant you that it looks very pretty. However unless the captcha is generated server side and then sent to the flex as a graphic (png/jpeg) via AMF or some other method there is little to no point using this class. I would also suggest that given the standard color of the text and the font used even if this were generated server side it would be very easy to segment. This class can only provide the user with a false sense of security. If you want a captcha - generate it server side and make it hard to segment. I’ll grant you that it looks very pretty. However unless the captcha is generated server side and then sent to the flex as a graphic (png/jpeg) via AMF or some other method there is little to no point using this class.

I would also suggest that given the standard color of the text and the font used even if this were generated server side it would be very easy to segment.

This class can only provide the user with a false sense of security. If you want a captcha - generate it server side and make it hard to segment.

]]>