[mod_python] CAPCHA

Deron Meranda deron.meranda at gmail.com
Thu Jun 22 10:12:41 EDT 2006 

If you're talking about a visual captcha, yes, I've developed several
before.  However I used PIL (Python Imaging Library
<http://www.pythonware.com/products/pil/>), since it's a native
Python module and you can manitpulate the images directly in memory
without having to pass things around in files.  I even serve up the
images directly from mod_python; so at no time do I mess with
actual files.

Note that developing captchas which are secure is much harder
than you may think.  Developing captchas which are usable even
more so.  There are many things you can do wrong that leave
them vulnerable without even considering how you create the
images.  Read up on them <http://en.wikipedia.org/wiki/Captcha>
including the references linked from there.  Also like most cryptographic
techniques, pay attention to the true entropy of your random number
sources.  The Wikipedia article also contains some pointers to some
Python implementations that you may or may not want to consider.

Also, just so you're aware, captchas are bad for accesibility.
So consider your audience/users too.
-- 
Deron Meranda

More information about the Mod_python mailing list