Securing Website Forms with and without CAPTCHA

There are means to block automated or remote submission of the website forms. Having an unsecured form these days is just asking for a few hundred junk emails a week if not more. There are about 4-5 decent ways of blocking SPAM and potential “hacker” or intrusive programs from abusing our forms:

1. The most elegant in my opinion and definitely the least annoying to users, but not a completely secure or “perfect” solution is currently referred to simply as “Safer Contact Forms without Captcha”. There isn’t really anything tangible to show you a demo of, but an overview of the technology method can be reviewed here: http://15daysofjquery.com/safer-contact-forms-without-captchas/11/ or here: http://docs.jquery.com/Tutorials:Safer_Contact_Forms_Without_CAPTCHAs (i think this is the original author of this method, but they’re both the same thing)

Two downsides to this approach are:
1. Users must have cookies enabled as well as Javascript. A teeny tiny amount of visitors will not, but we can prompt them with a message.2. This security concept is based on the current methods that “bad bots” and hacker-programs use, but is in no means actually “securing” anything.
2. Number 2 because it is my second favorite option currently available: Ajax Fancy Captcha jQuery plugin. This one is cutting edge and truly is the best and most realistic way of proving someone is actually a human in todays software abilities and limitations. A live interactive demonstration of this is here: http://www.webdesignbeach.com/beachbar/ajax-fancy-captcha-jquery-plugin

Two downsides to this approach are:
1. “You don’t want to use CAPTCHA’s in general because you just know that requiring your visitors to read squiggly letters
and numbers just to send you a message is going to suppress communication – not encourage it.” – Quoted from the article
in option #1 :)
2. This method is the least friendly to handicap visitors using screen readers, etc. This isn’t a major concern on this project, since we are not subject to be Section 508 Compliant or anything, but it’s always something we should be conscious of. You never want to dishonor the ADA… ;)

3. Option #3 is very widely used and is actually the industry leader in CAPTCHA solutions in the open-source world. You’ve probably seen and used this at least a dozen times on various websites: http://recaptcha.net/plugins/php/

4. Option #4 is another flavor of CAPCHTA that is a little less “bloated” and has more readable characters, but is less effective than Option #3: http://www.archreality.com/jcap/. I’ve implemented this one one of our clients websites recently that you can look at: http://www.plansource.com/plansource/contact

January 30, 2010 | Filed Under Internet Technology, Web Scripting | Comments Off 

jQuery: The Write Less, Do More, Javascript Library

jQuery

jQuery

jQuery is a fast and concise JavaScript Library that simplifies HTML document traversing, event handling, animating, and Ajax interactions for rapid web development. jQuery is designed to change the way that you write JavaScript.

jQuery supports these browsers:

Any problem with them should be considered and reported as a bug in jQuery.

There are known problems with:

  • Firefox 1.0.x
  • Internet Explorer 1.0-5.x
  • Safari 1.0-2.0.1
  • Opera 1.0-8.x
  • Konqueror

jQuery generally works with Konqueror and Firefox 1.0.x, but there may be some unexpected bugs since we do not test them as regularly as Firefox 2.0+, IE6+, Opera 9+ and Safari 3+.

A good compatibility test is available in the form of the jQuery Test Suite.

August 15, 2009 | Filed Under Development Tools, HTML, xHTML & CSS, Open Source Software, Web Scripting, Website Design, jQuery | Comments Off