[wp-testers] WordPress 2.0.1 Remote DoS Exploit?
Robert Deaton
false.hopes at gmail.com
Fri Mar 10 20:33:17 GMT 2006
On 3/10/06, SilverCircle <silvercircle at gmail.com> wrote:
> > Lurk a while or browse the list archives and you'll find that most
> > WordPress devs are not enamored with captchas because they impose
> > barriers to usability.
>
> While there is a point in this argument, it's not really a big deal.
> If someone really wants to register (for whatever reason), he will
> most likely invest the few seconds needed to type that code. Also,
> most people who frequently use online systems such as forums or blogs
> are familar with that method today.
No matter if the average user is used to it, its still a usability
hole. I know that I personally have a lot of trouble reading many
captchas due to some slight color distinction problems that make it
difficult to pick out the swirled text from the
near-identical-slightly-different background colors.
> And it could be made optional and default to off.
And so, it could be done in a plugin. Plus, adding captchas adds huge
server dependancy into the core, some image processing library, a way
to store the current text that is being displayed (another db and/or
file write). This is plugin material without a doubt, but not
something that should or likely will be considered for core inclusion.
--
--Robert Deaton
http://somethingunpredictable.com
More information about the wp-testers
mailing list