whbah / kaptcha

Automatically exported from code.google.com/p/kaptcha

Limit Guesses #21

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
According to your example (http://code.google.com/p/kaptcha/wiki/HowToUse)
it seems that multiple guesses can be made on a single CAPTCHA image.

It could be beneficial to assign a new totally random code to the
KAPTCHA_SESSION_KEY on failure, forcing the "user" (bot?) to now guess a
completely random string with no help, or consider a new image.

This is likely out of the scope of the project, but also recording the time
when the CAPTCHA image was made and enforcing a maximum time to solve it
could be good.

Original issue reported on code.google.com by jmferl...@gmail.com on 9 Aug 2008 at 4:53

GoogleCodeExporter commented 9 years ago
For the first item, this would be implemented in your code. All Kaptcha does is serve an image and put a token in the session. If you want to reset it to a different value on failure, then go ahead. The only benefit for that is that you would be able to stop someone trying to brute force attack the kaptcha with a bot (i.e., trying the same kaptcha value multiple times until they get it right). In my application, I do something like this instead: http://lookfirst.com/2008/06/red-listing.html

With regards to recording a time, I can add another parameter to the session that is a timestamp.

Original comment by latch...@gmail.com on 9 Aug 2008 at 5:55

GoogleCodeExporter commented 9 years ago
Ok, just added a Date to the session for you.

Original comment by latch...@gmail.com on 9 Aug 2008 at 6:14

GoogleCodeExporter commented 9 years ago

Original comment by latch...@gmail.com on 9 Aug 2008 at 6:16
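
One way to apply both suggestions from this thread in application code, a single guess per image and a maximum solve time (an added example, not code from Kaptcha or from the commenters). A plain `Map` stands in for the servlet session so it runs on the JDK alone; the `KAPTCHA_SESSION_DATE` attribute name, the two-minute limit and the sample answers are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

public class CaptchaCheck {
    // Attribute name taken from the issue text.
    static final String KEY = "KAPTCHA_SESSION_KEY";
    // Assumed name for the Date attribute; check it against your Kaptcha version.
    static final String DATE = "KAPTCHA_SESSION_DATE";
    // Hypothetical policy: answers older than two minutes are rejected.
    static final long MAX_AGE_MS = 2 * 60 * 1000L;

    /** One guess per image: the stored answer is removed before it is compared. */
    static boolean verify(Map<String, Object> session, String guess, long nowMs) {
        Object expected = session.remove(KEY);   // session.removeAttribute(...) in a servlet
        Object issued = session.remove(DATE);
        if (!(expected instanceof String) || !(issued instanceof Date) || guess == null) {
            return false;                        // no image served, or answer already used
        }
        long age = nowMs - ((Date) issued).getTime();
        if (age < 0 || age > MAX_AGE_MS) {
            return false;                        // too old: the client must load a new image
        }
        // Compare the raw bytes with MessageDigest.isEqual rather than String.equals.
        return MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                guess.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        long now = System.currentTimeMillis();
        Map<String, Object> session = new HashMap<>();   // constructed sample state
        session.put(KEY, "x7m2q");
        session.put(DATE, new Date(now - 10_000));
        System.out.println(verify(session, "aaaaa", now)); // wrong guess
        System.out.println(verify(session, "x7m2q", now)); // second try, same image

        session.put(KEY, "x7m2q");
        session.put(DATE, new Date(now - 10 * 60 * 1000L));
        System.out.println(verify(session, "x7m2q", now)); // right answer, stale image

        session.put(KEY, "p4k9z");
        session.put(DATE, new Date(now - 5_000));
        System.out.println(verify(session, "p4k9z", now)); // right answer, fresh image
    }
}
```

With a real `HttpSession`, reading and removing the attribute are two separate calls, so synchronize per session if concurrent guesses against one image matter.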