Channels ▼
RSS

Security

Implementing Audio CAPTCHA

Source Code Accompanies This Article. Download It Now.


David works as a musician, writer, and software engineer (not necessarily in that order). He can be contacted at www.summersong.net.


"Knock, knock, knock."

"Who is it?"

"It's me, Dave. Open up..."

When Cheech and Chong performed this routine in the 1970s, it became as popular as Abbot and Costello's "Who's on First?" was with a previous generation. While "Dave" was negotiating the possibility of opening the door, they both knew they were talking to human beings. But when considering if you will "open the door" to your blog comments or other feedback, you aren't as lucky. In fact, more often than not, you may be dealing with a machine asking you to open up.

You've probably seen the disaster areas left in the wake of a robot attack on a blog or other web feedback portal, when no filtering mechanism was used in the comments section. It's not a pretty site. Excessive blog spam can drive away readers as well as bring undesirable Google associations with your name.

In an even more important area, protecting personal information on banking, employee databases, and other sites, it's imperative for webmasters to determine if they are dealing with human beings. The usual method for accomplishing this is some form of CAPTCHA, short for "Completely Automated Public Turing Test to Tell Computers and Humans Apart" (www.captcha.net), which requires you to read some distorted text like that in Figure 1, then correctly enter the text sequence into a dialog box. Reading the text is (theoretically) easy for you, but difficult for a computer.

Figure 1: A typical CAPTCHA.

I think of a CAPTCHA as a lock that should be easy for humans to open, but hard for machines to decipher. Certainly, locking your car or house is not a foolproof way of stopping bad guys from doing their worst. The idea of a lock or alarm is really to make it harder for someone to mess with your stuff—so hard that they will move along. This is really the practical goal for a CAPTCHA as well.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video