view release on metacpan or  search on metacpan

lib/Apache2/AuthCookieDBImg.pm  view on Meta::CPAN

Typically the image that is displayed is selected at random (provide
your own image randomizer here) with the hidden credential_3 field
also being set via the same random selector so that we can lookup
the word in the images table via the key we get in credential_3.

For example, my randomizer (written in perl and called via a perl 
page template processor similar to Template::Toolkit) will spit out
my image coding and hidden field coding into my HTML page selecting
a random image + key from the images table.  For example, the output
from my perl randomizer spits out:
<img src="/images/dbimg/junk.png"><input type="hidden" name="credential_3" value="1">

To make the work of the randomizer easier I create my images table
like this:
create table images ( imagekey serial, imageurl char(128), imageword char(20));

And load it up like this:
inssert into images (imageurl,imageword) values ('/images/dbimg/junk.png','saywhat?');

Then create an image named junk.png and put it in my web server /images/dbimg folder.
The text on the image has a background picture plus the word "saywhat?" across the front.

The randomizer just looks up the imageurl and imagekey in the database and spits out
the appropriate HTML code.   ApacheCookieDBImg then does a reverse operation, looking
up the imageword based on the key.

=head1 CAVEATS

This is not a truly random image, so it is not overly secure.  The initial idea is just
to thwart stupid bots.   Someone could easily visit the site and build a map of image