|
![](/i/fill.gif) |
On Sat, 12 Feb 2005 08:18:56 +0100, Maurice wrote:
> It does defeat the scripts.
Arguably only until someone figures out how to script the authentication.
Having a username/password combination also doesn't defeat the scripts,
but it does require that an account be created, and an account that's been
created could be disabled.
Password-only solutions tend to be very short term stopgap solutions
because there's only one factor in the authentication mechanism, and
that's easy to spoof. (This is actually an area I can claim a fair degree
of expertise in)
If someone's figured out how to stuff vandalism into a form, then
presumably they can feed a password string into another form in advance of
the vandalism, and such a move would, by its very nature, be a trivial
modification to the script when the password is something that's
publicly available.
Jim
Post a reply to this message
|
![](/i/fill.gif) |