Comments on: Codetcha

By: alex

alex — Wed, 28 May 2008 23:33:34 +0000

the low was easy

noce idea

By: Gareth Heyes

Gareth Heyes — Wed, 26 Mar 2008 00:24:19 +0000

@agente_naranja

It takes me around 5-10 seconds to solve, did you use the test syntax and the highlighted lines numbers? I guess I can reduce it and make it easier or harder depending on the target audience, I see it as a means to remove useless comments and spam within a technical environment.

The code itself can be configured to produce longer/shorter variables and less functions if required, I’ve done it like this because I see each one being unique and therefore difficult to attack.

Thanks for the good feedback I’ll look into making it more friendly and producing better variable names.

By: agente_naranja

agente_naranja — Tue, 25 Mar 2008 23:37:18 +0000

@Gareth
Is not *that* easy to solve. It took me like a minute to solve medium, probably you guys can solve it in 30 seconds but it’s still plenty of time. Mostly because I took time to look for the declaration of all variables, not only fixing the missing )’s or }’s. And what about setting some more less obscure variable names? Like “first”, “second”, etc. A variable called “z9gC0″ is difficult to track

But the idea is really good, I mean, users can reduce it to just one line of a code and say “Fix the three errors in this code and press Submit”. That would certainly prevent lots of “useless” people into joining particular websites.

By: fragge

fragge — Wed, 19 Mar 2008 05:27:32 +0000

@Thiago
It doesn’t have to be used on every post. Just on registration on members only forum.. elitist coders ftw.

By: Gareth Heyes

Gareth Heyes — Tue, 18 Mar 2008 11:43:35 +0000

@Thiago

The CAPTCHA is quite easy to solve and only takes a few seconds and it improves your javascript debugging skills along with it. As a added bonus it can also be used to eliminate script kiddies from forums,

I’m not saying it could be used on all forums but ones with a high technical knowledge it could prove useful.

By: Thiago

Thiago — Tue, 18 Mar 2008 11:33:02 +0000

I don’t think that this kind of verification could be realy used. Imagine, to every message in the forum you have to fix these boring useless codes.

By: Gareth Heyes

Gareth Heyes — Tue, 18 Mar 2008 09:58:47 +0000

@islam

That isn’t XSS. Unless you can provide me with the means to remotely execute the code without user interaction then I won’t fix it. If you consider that XSS then every web site is vulnerable on the internet, go to google.com enter javascript:alert(/XSS/) in the url bar

By: islam

islam — Tue, 18 Mar 2008 09:37:03 +0000

hello , just take look about javascript with the main html document so the user will have the ability to control all the page contant and activity which may be lead to XSS Bug
find way to separate code code checked engine from main page javascript renderer

thank you!

By: islam

islam — Tue, 18 Mar 2008 09:24:46 +0000

just test!

By: nikos

nikos — Mon, 17 Mar 2008 22:47:38 +0000

i ‘m still laughing…