Advantages of CAPTCHA for PERL

The biggest advantage of this program is system resources. Since all the images are premade, there is no load on the server generating images on the fly. As much as some people think the load is insignificant, it is all the little insignificant programs running at the same time that bog down servers. If you only have a few people using your website, then no sweat. But if you have thousands or millions, those insignificant programs become very significant. Anyone that programs knows that it is critical to trim every program to its most efficient state to maximize the servers potential.

It is always easier to build one program that uses 100% of the system resources than to build one that uses very little. One bad program can crash a server. Keep them lean and neat. You will thank yourself later.

Another big advantage is that there are no text fields passed via the web. So there is no data for a bot to use to try to unencrypt your images. Standard encryptions do not work well because the querries are in fact the key to unlocking the text on the images. This method completely circumvents the use of any passed variables that have any relation to the solution.

I am reminded of the early days of the net when people used javascript password page protection where the password was contained in the sourcecode of the page. Most visitors did not realize they could view the source, so it was commonly used. Anyone with a few weeks of web experience could figure that out.

Todays bots are smarter than most people. With OCR subroutines that can read better than most people. We need to be smarter than the computers these days to maintain order. Sloppy security wont help your website. And this program is a unique way of attaking the problem.

The images are also the database. So updating or increasing the number of images only involves uploading new images. There are no relational databases to update or generate. If you decide the images you are using are too easy for OCR bots to read, you can change them to something more obscure without changing any of your programing.

There are no paramaters on the images. So you can mix images with 4,5,6 or more characters all in the same group. That makes the program even more dynamic.

The concept is clean and easy. Any asp, jsp, php or other programer can use the captcha.cgi to deliver the images and wite a few lines of code to verify the images against the temp file.

Because of the image anonimity, the script should work very well with just 100 or so images. Although I suggest using more, if managing large numbers of images is an issue, the the script can still work with just a handful of images.

All the images provided are gif images most under 1kb. So even 1000 images wont take up much server space.

If you are really paranoid, you can use as many images as you want, but they all need to reside in one directory. I would suggest limiting images to 10,000 per directory and modifying the code to chose a random directory which would easily put you in the millions of images.

You could do that with some simple code like this:
$totaldirs = 10; # number of directories you have
$randomdir = int rand($totaldirs);
$imagedir = "/imagedir/$randomdir";

# that would be added just above the code in the captcha.cgi to choose the image.

# open image dir choose a random image
opendir IMGDIR, "$imagedir";
@allimgfiles = readdir IMGDIR;

#$totalimages = @allimgfiles;

# define each image
foreach $imgfile(@allimgfiles) {

# count and use only the gif images
if ($imgfile =~ /\.gif/i){
$countimages++;
$IMAGE{$countimages} = $imgfile;}
}

# choose a random image
$randomnumber = int rand ($countimages);
if ($randomnumber < 1){$randomnumber = 1;}

$randomimage = $IMAGE{$randomnumber};