W3C home > Mailing lists > Public > w3c-wai-gl@w3.org > April to June 2001

security cookie in image

From: Al Gilman <asgilman@iamdigex.net>
Date: Sat, 12 May 2001 16:32:54 -0400
Message-Id: <200105122025.QAA14133045@smtp2.mail.iamworld.net>
To: w3c-wai-gl@w3.org
The practice Kelly Ford is referring to in this report is of interest. 

On second thought, I am not sure the reason is what I said on Webwatch.  

Are they doing this because it is easy to include a different cookie with each
time the page is served if the cookie is in an image?  Or are they doing it
with an image as a way to discourage robot sign-up?  If the latter is the
case,
then their security feature _would_ be defeated if the magic cookie were
proffered in text and not image.  But that means we need to find some other
security device that will work, because this one blocks participation by
people
as well as robots.

Al

>X-eGroups-Return:
sentto-1014776-495-989673924-asgilman=iamdigex.net@returns.onelist.com
>X-Sender: asgilman@iamdigex.net
>X-Apparently-To: webwatch@yahoogroups.com
>X-Sender: 10003479@pop.iamdigex.net
>X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
>To: <webwatch@yahoogroups.com>
>From: Al Gilman <asgilman@iamdigex.net>
>Mailing-List: list webwatch@yahoogroups.com; contact
webwatch-owner@yahoogroups.com
>Delivered-To: mailing list webwatch@yahoogroups.com
>List-Unsubscribe:
<<mailto:webwatch-unsubscribe@yahoogroups.com>mailto:webwatch-unsubscribe@ya
hoogroups.com>
>Date: Sat, 12 May 2001 09:33:03 -0400
>Reply-To: webwatch@yahoogroups.com
>Subject: Re: [webwatch] Another Example of Inaccessible Security Codes:
<http://www.eloan.com/>http://www.eloan.com
>
>This is another product of the same reasons that gave us "Your are visitor
>number [image] to this page."  It is the fact that the include mechanism was
>easy for images early on.  No comparably easy include mechanism for dynamic
>text that changes from hit to hit existed.
>
>Not that this makes it accessible or acceptable.  But there are two birds to
>kill here, if we find the right stone.
>
>I am told that OBJECT is now working in the latest releases of the leading
>browsers.  This may not be enough to satisfy the folks who wish to have their
>pages work in "level 3" browsers.  But it's progress.
>
>Al
>
>At 08:57 AM 2001-05-12 -0400, Kelly Ford wrote:
>>Generally these codes are image files, in effect pictures of the numbers
>>to be entered.  If you can see you just read the numbers.
>>
>>Kelly
>>
>>
>>
>>On Fri, 11 May 2001, McLeod Stinnett wrote:
>>
>>> I am experiencing the same problem with ragingbull.com they want you to
>>> enter the six digit code into the box. the code is in inaccessible. how
>>> does
>>> a sighted person access it, click on it, and it opens? i sent a note
>>> yesterday, waiting for reply.
>>>
>>>
>>> From: Kelly Ford <kelly@kellford.com>
>>> Reply-To: webwatch@yahoogroups.com
>>> To: webwatch@yahoogroups.com
>>> Subject: [webwatch] Another Example of Inaccessible Security Codes:
>>>
<<http://www.eloan.com/>http://www.eloan.com/><http://www.eloan.com/>http://
www.eloan.com
>>> Date: Fri, 11 May 2001 05:05:05 -0700
>>>
>>> Hi All,
>>>
>>> The issue of web sites displaying a graphic representation of text as a
>>> security code during account creation has been discussed here in the
>>> past. So to be short and unfortunately not too sweet, I'll just say that
>>> in attempting to use the web site
><<<http://www.eloan.com/>http://www.eloan.com/><http://www.eloan.com/>http
://www.eloan.com> I noticed that
>>> they too use the method of displaying a graphic representation of text
>>> and
>>> ask you to enter the info as a security code during account creation. You
>>> can experience the process for yourself at
>>>
><<<https://www.eloan.com/personalpages/accountsetup.jsp>https://www.eloan.
com/personalpages/accountsetup.jsp><https://www.eloan.com/>https://www.eloan
.com
>/personalpages/accountsetup.jsp>.
>>>
>>> I've sent a note and will follow up with phone contact later in the day
>>> to
>>> ask about alternatives and raise the issue. If anyone else is interested
>>> in contacting the company about the issue, contact info can be found at
>>>
><<<http://www.eloan.com/>https://www.eloan.com/s/show/contact?sid=user=mye
><http://www.eloan.com/>https://www.eloan.com/s
>/show/contact?sid=user=mye>.
>>>
>>> While I haven't found too many web sites that use this sort of process,
>>> it
>>> is a major brick wall of inaccessibility when it is used. Missing alt
>>> tags, tedious navigation and the rest of the problems we encounter are
>>> bad
>>> but items like this make it completely impossible to use a web site
>>> without
>>> assistance. I think we need to raise awareness of what a problem this
>>> concept is and encourage web sites to address the situation.
>>>
>>> Kelly
>>>
>>>
>>> To Post a message, send it to: webwatch@eGroups.com
>>> To Unsubscribe, send a blank message to: webwatch-unsubscribe@eGroups.com
>>>
>>> Your use of Yahoo! Groups is subject to
><<http://docs.yahoo.com/info/terms/>http://docs.yahoo.com/info/terms/><htt
p://docs.yahoo.com/info/terms/>http://docs.yahoo.com/info/terms/
>>>
>>>
>>>
>>> _________________________________________________________________
>>> Get your FREE download of MSN Explorer at
><<http://explorer.msn.com/>http://explorer.msn.com/><http://explorer.msn.c
om/>http://explorer.msn.com
>>>
>>>
>>> Yahoo! Groups Sponsor
>>>
<<http://www.debticated.com/>http://www.debticated.com/><http://www.debticat
ed.com/>www.debticated.com
>>>
>>> To Post a message, send it to:   webwatch@eGroups.com
>>> To Unsubscribe, send a blank message to: webwatch-unsubscribe@eGroups.com
>>>
>>> Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
>>>
>>
>>
>>To Post a message, send it to:   webwatch@eGroups.com
>>To Unsubscribe, send a blank message to: webwatch-unsubscribe@eGroups.com 
>>
>>Your use of Yahoo! Groups is subject to
><<http://docs.yahoo.com/info/terms/>http://docs.yahoo.com/info/terms/><htt
p://docs.yahoo.com/info/terms>http://docs.yahoo.com/info/terms/ 
>>  
>
>To Post a message, send it to:   webwatch@eGroups.com
>To Unsubscribe, send a blank message to: webwatch-unsubscribe@eGroups.com 
>
>Your use of Yahoo! Groups is subject to
<http://docs.yahoo.com/info/terms/>http://docs.yahoo.com/info/terms/ 
>  
Received on Saturday, 12 May 2001 16:25:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:47:10 GMT