textchas - make them more secure
completed by: rfw
mentors: Alexander Schremmer, ReimarBauer, Thomas Waldmann, Ronny Pfannschmidt
We have textchas (text captchas) to get rid of spammers. They help a bit as they are, but they are not fully cheating-proof.
Your task is to make them proof against cheating (for spammers/attackers who write moin-specific attack code).
- the problem is kind of a "replay attack" - if the spammer broke one textcha, he might be able to script spamming re-using that one manually broken textcha
- you'll likely have to use some server secret + random id + crypto to make the textchas tamper-proof
- you have to discuss your ideas with moin devs before starting to implement
- then, implement your solution for moin 1.9
- test it
- forward port your changes to moin/2.0-dev (there is textcha code also, but it is differently implemented, so just applying a patch won't work)
- test it in moin2
Deliverables: patches or changesets for moin/1.9 and moin/2.0-dev
Your code will help moin wiki admins / users world-wide to stay mostly spam-free.
See tags. A bit of basic crypto/signing/checking knowledge helps.
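One possible shape for the "server secret + random id + crypto" idea, as an added sketch in Python (not moin code and not a design agreed with the moin devs): the form fields are signed with HMAC so they cannot be altered, and each random id is accepted only once so a solved textcha cannot be replayed. SERVER_SECRET, MAX_AGE, the sample TEXTCHAS and the in-memory _used_ids store are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SERVER_SECRET = secrets.token_bytes(32)  # assumption: per-wiki secret, never sent to clients
MAX_AGE = 600  # assumed lifetime of an issued textcha, in seconds
# Constructed sample questions; a real wiki would use its configured textchas.
TEXTCHAS = {"What is the opposite of 'day'?": "night", "Type the word 'wiki'": "wiki"}
_used_ids = {}  # hypothetical in-memory store: random id -> time it can be forgotten


def _sign(rand_id, issued, question):
    """HMAC over every field the client gets to send back."""
    msg = "\n".join([rand_id, str(issued), question]).encode("utf-8")
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_textcha(now=None):
    """Return the form fields for a fresh textcha; the answer stays on the server."""
    issued = int(time.time() if now is None else now)
    question = secrets.choice(list(TEXTCHAS))
    rand_id = secrets.token_hex(16)
    return {"id": rand_id, "issued": issued, "question": question,
            "sig": _sign(rand_id, issued, question)}


def check_textcha(form, answer, now=None):
    """True only for an unaltered, unexpired, not yet used textcha with the right answer."""
    now = time.time() if now is None else now
    try:
        rand_id, issued, question = str(form["id"]), int(form["issued"]), str(form["question"])
        sig = str(form["sig"]).encode("utf-8")
    except (KeyError, TypeError, ValueError):
        return False  # missing or malformed fields
    if not hmac.compare_digest(_sign(rand_id, issued, question).encode("utf-8"), sig):
        return False  # fields were altered, or not issued by this server
    if not 0 <= now - issued <= MAX_AGE:
        return False  # too old to accept
    for old in [k for k, forget_at in _used_ids.items() if forget_at < now]:
        del _used_ids[old]  # safe to forget: these ids fail the age check anyway
    if rand_id in _used_ids:
        return False  # replay of an id that was already submitted
    _used_ids[rand_id] = issued + MAX_AGE  # burn the id on first use, right or wrong
    expected = TEXTCHAS.get(question)
    return expected is not None and str(answer).strip().lower() == expected
```

With more than one server process, the used-id store would have to be shared between them for the replay check to hold.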
Note: unless otherwise noted, tasks usually refer to moin2 (http://moinmo.in/MoinMoin2.0)!
http://hg.moinmo.in/moin/2.0-dev repository of moin2
http://hg.moinmo.in/moin/1.9 repository of moin 1.9
You can discuss this issue in the MoinMoin wiki: http://moinmo.in/EasyToDo/textchas%20-%20make%20them%20more%20secure