views.captcha_image and captcha_audio

[GoogleCodeExporter]

Is it OK that it generates image every time client requests the view? And 

the data are served to client via django. So, would it be better to:

1. add FileFields (for image and audio)

2. rewrite views so they would generate data first time only (generate +
save it to FileFields) and return a RedirectResponse

3. so files could be served as a static data (via nginx, lighty or something)

4. ???

5. PROFIT!!! (better performance, stability and such)
If you like the idea, I'll write a patch.

Original issue reported on code.google.com by ww.lss...@gmail.com on 23 Sep 2009 at 4:42

[GoogleCodeExporter]

Sorry, I don't like the idea of storing captchas, because 1) it opens the 
possibility of repetition attacks and 2) we 
have to care about disk space, write permissions, conflicting filenames, .... 

Original comment by mbonetti on 8 Dec 2009 at 2:14

• Changed state: WontFix

[GoogleCodeExporter]

1) I wrote a patch that don't affect the way the application generates captcha 
and 
hashcode. So, if I understand you right, the possibility of repetition attacks 
is 
just the same as in original version. I just want to avoid the issue when the 
SAME 
image has to be generated twice (or more).
2) Static files are to be stored in django static directory, so write 
permissions, 
conflicting filenames and such are handled by django. As for disk space, the 
files 
are stored temporary and are deleted when CaptchaStore is deleted (django 
handles 
this).

I've attached a patch here, so you could see how it's done. The patch is not 
well 
tested though.

Original comment by ww.lss...@gmail.com on 14 Dec 2009 at 6:32

Attachments:

• captcha.diff