1 / 16

Preventing Automated Use of STMP Reservation System Using CAPTCHA

Prevent automated tools from making excessive reservations with CAPTCHA security solution. Understand CAPTCHA, implement GIMPY CAPTCHA methodology, and customize CAPTCHA for STMP reservations.

jasonh
Download Presentation

Preventing Automated Use of STMP Reservation System Using CAPTCHA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Preventing Automated Use of STMP Reservation System Using CAPTCHA

  2. Introduction • The ATCSCC Intranet/internet has a web interface for making arrival/departure reservations for Special Traffic Management Programs (STMP).

  3. Purpose • We are looking for ways to prevent automated tools from getting large number of reservations.

  4. Proposed Solution • A website security solution designed with CAPTCHA image is proposed to prevent automated STMP reservations.

  5. What is CAPTCHA? • A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a program that can generate and grade tests that most humans can pass, but current computer programs and automated tools can't pass. For example, humans can read distorted text as the one shown here, but current computer programs can't.

  6. Gimpy CAPTCHA • GIMPY CAPTCHA is a methodology where a word is randomly selected from a dictionary and a rendering of a distorted image of the word is shown. • The user is then asked to type in the word. • While human users have no problems typing the words displayed, current bots are simply unable to do the same.

  7. Process • User logs in. • User fills in the reservation form. • At the bottom of the form, user is shown a CAPTCHA image and asked to enter the characters in the image. • User submits the reservation request. • The web server processes the information. If the user response is correct, the reservation process is continued. If not, the user is shown an error page.

  8. STMP Reservation form (current)

  9. STMP Reservation form with CAPTCHA

  10. STMP Reservation form

  11. Reservation form with error message

  12. STMP Reservation form with color CAPTCHA

  13. Pop-up message

  14. CAPTCHA examples • 7-letter CAPTCHA – • 6-letter CAPTCHA - • 5-letter CAPTCHA – • Color CAPTCHA - • CFX Captcha

  15. CAPTCHA Customization • Text producer: Defaults to a random character generator. But there is a name generator as well. • The characters that will create the string can be configured. • No of characters in the captcha image: 3,4,5,6,7 etc. • Captcha Font (Arial, Helvetica, Courier, Times New Roman) • Font Size • Font color • Distortion • Background • Border around captcha • Color of the border • Thickness of the border around captcha

  16. Notes • ESTMP users are required to enter CAPTCHA input for each reservation request. • If the user input is wrong, an error message is shown and the reservation form is reloaded with new CAPTCHA image. • The reservation request is NOT processed by the server until the user enters correct CAPTCHA characters. • If reservation for the requested time is not available, the user is redirected to a page that shows reservation availability for different times. Users can select new reservation time but do not need to enter the CAPTCHA input in this page. • No CAPTCHA input needed for Confirm, Cancel or Update operations.

More Related