I Actually Like CAPTCHA

So I worked on the CAPTCHA field control last night, and got it to where it compiled correctly (after its conversion from a WebPart), and actually deployed it alright. I still have some cleanup to do, since I would rather reduce the code bloat that is in there right now, left over as remnants from the initial WebPart idea. Either way it worked, so I am happy.

So I sent it out to a friend last night in Arizona since he is generally pretty forgiving if I break something in his system, somewhat important since I really didn’t test that much outside of my local VM development environment. While it worked ok, he basically said he just plain doesn’t like the idea of CAPTCHA.

His basic reason for not liking it is that CAPTCHA images become increasingly difficult to read (due to text warping), and posting a comment can start to become a battle when trying to start a discussion. His main point is that the verification system should begin interrogation on the machine, not with the user.

I agree and I disagree with his statements. The CAPTCHA field control is meant as a first step in the right direction, and is something that will always be under development. Eventually, the SBSP bundle (which includes the CAPTCHA control) will include more elegant, neat solutions. One that I had in mind is a cryptographic solution that instead leverages AJAX or something similar for verification. On a certain time increment, SharePoint will select a chunked number request (similar to something like a GUID). When a listform page is called from a SharePoint site object, the AJAX call will firstly run decryption routines on itself, then on the stored GUID, and retrieve the GUID value which does some general pattern matching. No match, no comment post. Time-outs would also be clutch to ban IPs.

These things are planned; however, they will not be built into the first release of SBSP. They will eventually be there though.
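
A machine-side check in the spirit of the idea above, as an added example (not SBSP code): it swaps the post's decryption routine for an HMAC-SHA256 token bound to the form and its issue time, and rejects posts that arrive too fast or too late. `FormToken`, its methods and the `formId` value are hypothetical names, and it assumes a modern .NET runtime for `CryptographicOperations`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: FormToken and its members are hypothetical names.
public static class FormToken
{
    // Token layout: "<issuedUnixSeconds>.<base64 HMAC-SHA256(formId|issued)>"
    public static string Issue(byte[] key, string formId, DateTimeOffset now)
    {
        long issued = now.ToUnixTimeSeconds();
        return issued + "." + Convert.ToBase64String(Mac(key, formId, issued));
    }

    // Accept only if the MAC matches and the form was held open for a
    // plausible time: not posted instantly (script) and not stale (replay).
    public static bool Verify(byte[] key, string formId, string token,
                              DateTimeOffset now, TimeSpan minAge, TimeSpan maxAge)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2 || !long.TryParse(parts[0], out long issued))
            return false;

        byte[] supplied;
        try { supplied = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }

        // Constant-time comparison so the check does not leak MAC bytes.
        if (!CryptographicOperations.FixedTimeEquals(supplied, Mac(key, formId, issued)))
            return false;

        // Only reached for timestamps this server issued, so the value is in range.
        TimeSpan age = now - DateTimeOffset.FromUnixTimeSeconds(issued);
        return age >= minAge && age <= maxAge;
    }

    private static byte[] Mac(byte[] key, string formId, long issued)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(formId + "|" + issued));
    }
}
```

The key stays on the server and the token travels in a hidden form field. A token remains valid until `maxAge` passes, so blocking reuse inside that window needs server-side state on top of this.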


CAPTCHA WebPart for Blogs

So I have been working on a freeware CAPTCHA WebPart for a while, and it has been going pretty well, well kind of. For those that are unfamiliar with the technology, CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart and is mainly meant for combating mass postings of meaningless bullcrap by bots and spammers who detract from the good nature of us bloggers. For a more detailed explanation of what CAPTCHA is, for once Wikipedia has an accurate post, which can be found here.

I am making my CAPTCHA WebPart a segment of something I am calling the SharePoint Bot and Spam Protector (SBSP) package, although it currently includes just CAPTCHA functionality. Right now the functionality is:

Numeric Length Property
Numbers or Letters
Image Format
CAPTCHA Style

Which as you can tell is all tailored around CAPTCHA. However, I plan on extending this a little bit further to include code for:

Akismet (http://akismet.com/) – I am adding this because I think that the service is generally good. I am working out a deal with the company so that I can get the API keys that are required taken care of, which as far as I can tell from my conversations with them requires me to maintain a database of registered users. Since I don’t really think that it is necessary for people to register for my site, it would probably be beneficial to instead register for something like the SharePoint Community Portal. I am going to ask my MVP community about possibly having that hosted there instead.

(DUPM) Did you pass math? – This is just a basic challenge/response protocol. Some people prefer it over using CAPTCHA images, which is fine depending on your preference. Some people prefer to use both, which is acceptable as well.

Comment Timeout – This is probably, although it is not currently, going to natively be built in with the properties of whatever verification format that you use. The benefit of this is that older posts will automatically have their comments disabled. It just makes sense to do it this way. It is just a way to auto-close comments for posts that meet a certain criteria, in this case a time argument. It is somewhat common in most blog software.

All of the current, and the future stuff talked about, will be controllable through the WebPart properties (which is why in the screenshot you see the option to “display the CAPTCHA image”, which wouldn’t make much sense otherwise for the other spam/bot options like challenge/response math!).
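
The "Did you pass math?" and Comment Timeout items from the list above, as an added example (not SBSP code): each challenge is stored server-side, expires, and can be answered only once, and a separate check closes comments on old posts. `MathChallenge` and `CommentGate` are hypothetical names, and the code assumes a modern .NET runtime for `RandomNumberGenerator.GetInt32`.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Added example: MathChallenge and CommentGate are hypothetical names.
public sealed class MathChallenge
{
    private readonly ConcurrentDictionary<Guid, (int Answer, DateTimeOffset Expires)> _open
        = new ConcurrentDictionary<Guid, (int Answer, DateTimeOffset Expires)>();

    // Returns the id to embed in the form and the question to display.
    public (Guid Id, string Question) Create(DateTimeOffset now, TimeSpan lifetime)
    {
        int a = RandomNumberGenerator.GetInt32(1, 10);   // 1..9, upper bound exclusive
        int b = RandomNumberGenerator.GetInt32(1, 10);
        Guid id = Guid.NewGuid();
        _open[id] = (a + b, now + lifetime);
        return (id, $"What is {a} + {b}?");
    }

    // TryRemove makes each challenge single-use: a wrong or repeated
    // submission burns it, so one question cannot be guessed at repeatedly.
    public bool Check(Guid id, string reply, DateTimeOffset now)
    {
        if (!_open.TryRemove(id, out var entry)) return false;
        if (now > entry.Expires) return false;
        return int.TryParse(reply, out int value) && value == entry.Answer;
    }
}

public static class CommentGate
{
    // Comment timeout: posts older than closeAfter no longer accept comments.
    public static bool CommentsOpen(DateTimeOffset published, DateTimeOffset now,
                                    TimeSpan closeAfter)
    {
        return now - published <= closeAfter;
    }
}
```

Challenges that are never submitted stay in the dictionary, so a deployed version needs a periodic sweep of expired entries.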

(Yeah I know I spelled CAPTCHA wrong in some of the properties. Whoops!)

I got a bunch of the image types written (styles you can choose from for your CAPTCHA image), and I really have to admit that although the System.Drawing namespace and System.Drawing.Drawing2D namespace are quite powerful, I wanted to shove a pen in my eye when getting it to write out stuff appropriately (just the different CAPTCHA types). Ok, maybe it's not that bad, but I really miss design surfaces when doing WebParts still (I know about the SmartPart etc., but I like native programming), particularly because I am not an artist (it took me two months to design sharepointsecurity.com). You have to use System.Drawing.Graphics to make an image object using FromImage with its destination parameter, then go through all the attributes and properties to make the image pretty, like the SmoothingMode, etc. Then getting the image out is just connecting the relevant lines and curves with things like GraphicsPath. To randomly generate the image, I iterate through a string of garbage text that randomly selects a set of numbers, then this class is consumed by the textual output display.

Once I figure out how to deploy the damn thing, I will be releasing it for testers.
