2010年8月3日星期二

Re: [fw-mvc] Zend captcha image

-- sandeep manne (సందీప్ మన్నే) <sandeep.manne@gmail.com> wrote
(on Tuesday, 03 August 2010, 07:15 PM +0530):
> I attached xdebug trace of a signup request with zend_capthca
> included, Correct me if my analysis is wrong, but according to my
> intial observation its taking thousands of execution steps starting
> from line 7040 in trace report.

I'll take a look at it -- thanks. That said, I cannot guarantee that we
can reduce substantially the number of execution steps.

> My recommendation is to add an option to give external distortion
> image which can be merged to the o/p image, this will reduce line
> noise code,

The problem with this approach is that if the distortion image is not
varied, machine readers can be "trained" to filter it. Even if we offer
multiple images and do a random selection of them, it will likely only
be a matter of time before somebody has developed a tool for filtering
all of them -- leaving ZF users who exercise this option vulnerable.

> I also suggest instead of using gd library to generate images, we can
> create zend_image component with adapter pattern. gd, imagemagick.
> etc... as adapters, this will give option for run time changing of
> image lib...

A couple of contributors, spearkheaded by Dolf Schimmel, have worked a
ton on this already (see the Zend_Image proposal on the wiki). However,
they've discovered something: imagemagick offers so much more than GD
that an abstraction layer that covers a broad realm of functionality is
difficult to achieve. Making the effort harder is the fact that GD is
bundled by default in a vanilla install of PHP -- but imagemagick is
only available via PECL -- which means the baseline support absolutely
must target GD. Even for something like CAPTCHA, the amount of effort to
get all the pieces working across both adapters is a lot of work.

If you're interested in helping them, I urge you to join the
zf-contributors list and ask how you can assist.

> On 3 August 2010 18:19, Matthew Weier O'Phinney <matthew@zend.com> wrote:
>
> -- sandeep.manne@gmail.com <sandeep.manne@gmail.com> wrote
> (on Tuesday, 03 August 2010, 04:58 AM +0000):
> > I feel zend captcha image is too complex and effecting performance on
> > huge requests when I traced the execution I found its adding thousands
> > of execution steps. Please try to optimize it with much simpler
> > captcha
>
> Please provide us with some concrete information from your code tracing.
> Bonus points if you can make some concrete recommendations on where we
> can simplify.
>
> CAPTCHA is actually a non-trivial undertaking, as it requires a fair bit
> of due diligence to ensure you get unique images that are obscured
> enough that they cannot be parsed by machines. Additionally, creating an
> image of this sort using PHP's GD requires quite a number of different
> calls just to draw the image -- and of course there's also the disk I/O
> requirement (as the image needs to have a physical representation on
> disk so that it may be displayed).
>
> If performance is an issue, and you still require using a CAPTCHA, I
> would recommend using something like ReCaptcha (for which we provide an
> adapter); this will offload much of the processing (though it introduces
> some potential network latency).
>
> --
> Matthew Weier O'Phinney
> Project Lead | matthew@zend.com
> Zend Framework | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>
>
>

--
Matthew Weier O'Phinney
Project Lead | matthew@zend.com
Zend Framework | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

没有评论: