Team demo the CAPTCHA 3D text design V4.0 which currently still work in Java Applet platform to the supervisor.
Discussion:
Supervisor satisfy with the CAPTCHA design and feedback with the following comment :
· Need to change some of the font type to other which is easier to be identified by the users.
· Try to implement multicolor CAPTCHA design.
· Need to adjust some of the characters angles to make their shading and shadow more obvious to be identified.
Action:
· Need to change some of the font type to other which is easier to be identified by the users.
· Try to implement multicolor CAPTCHA design.
· Need to adjust some of the characters angles to make their shading and shadow more obvious to be identified.
Action:
Above suggestion will be updated by ALAN and Sebastian in newer CAPTCHA design.
CAPTCHA customizer
Team demo the CAPTCHA customizer tools V3.0 to the supervisor. Below are some of the print screen from the CAPTCHA customizer tools.
CAPTCHA customizer
Team demo the CAPTCHA customizer tools V3.0 to the supervisor. Below are some of the print screen from the CAPTCHA customizer tools.
Discussion:
Supervisor satisfy with the CAPTCHA customizer design and feedback with the following comment :
· Users enter field must implement with error entry checking.
· Remove the unused field to prevent confusion from users.
· Preview of the effect should reflect to the actual value entered by users.
Action:
· Users enter field must implement with error entry checking.
· Remove the unused field to prevent confusion from users.
· Preview of the effect should reflect to the actual value entered by users.
Action:
Above suggestion will be updated by ALAN in newer CAPTCHA Customizer Tools version.
CAPTCHA Answer Validation
Team demo the CAPTCHA validation system V1.0 which developed based on J2EE Form-based Authentication service to the supervisor.
Discussion:
Supervisors satisfy with the validation system and feedback with the following comment:
· The validation must be secure to prevent attackers from by pass the CAPTCHA system.
· Only 1 set of server code needed to be developed in order to validate the answer from normal computer web and J2ME users.
· CAPTCHA validation answer should store in DATABASE system instead of Hash Table which use hip memory.
Action :
Lexis and Sebastian will update the Supervisor feedback in newer validation system.
Discussion:
Supervisors satisfy with the validation system and feedback with the following comment:
· The validation must be secure to prevent attackers from by pass the CAPTCHA system.
· Only 1 set of server code needed to be developed in order to validate the answer from normal computer web and J2ME users.
· CAPTCHA validation answer should store in DATABASE system instead of Hash Table which use hip memory.
Action :
Lexis and Sebastian will update the Supervisor feedback in newer validation system.
Logging
Team discussed with Supervisor regarding the logger design:
Discussion: Team explained to Supervisor regarding the implementation of log system to the CAPTCHA system. The following are the details:
1. Log system will log the following details of the visitors:
· IP address
· MAC address (Prevent NAT)
· Access date/time
· CAPTCHA challenge
· CAPTCHA answer
2. If a visitor request the CAPTCHA challenge more than 5 times within 24 hours, the system will block the visitors from requesting a new CAPTCHA again for 12 hours. This can prevent DoS attack by stoping an attacker keep requesting for new CAPTCHA to jam the server traffic.
3. The log system could prevent the following attacks :
· An attacker who is trying to do brute force attack to break the CAPTCHA answer.
· An attacker who trying the request the CAPTCHA challenge to drain the server resource.
Supervisor approves the log design and gives green light for team to implement it to the current CAPTCHA design.
Action:
Adrian and Sebastian will start the design and actual implementation of the log system.
Discussion: Team explained to Supervisor regarding the implementation of log system to the CAPTCHA system. The following are the details:
1. Log system will log the following details of the visitors:
· IP address
· MAC address (Prevent NAT)
· Access date/time
· CAPTCHA challenge
· CAPTCHA answer
2. If a visitor request the CAPTCHA challenge more than 5 times within 24 hours, the system will block the visitors from requesting a new CAPTCHA again for 12 hours. This can prevent DoS attack by stoping an attacker keep requesting for new CAPTCHA to jam the server traffic.
3. The log system could prevent the following attacks :
· An attacker who is trying to do brute force attack to break the CAPTCHA answer.
· An attacker who trying the request the CAPTCHA challenge to drain the server resource.
Supervisor approves the log design and gives green light for team to implement it to the current CAPTCHA design.
Action:
Adrian and Sebastian will start the design and actual implementation of the log system.
CAPTCHA design for session 2
The Game based CAPTCHA ideal is rejected by Supervisor.
Discussion:
Supervisor advice that hackers could try to write an “object moving” script to break the game. Hence he advice us to come out with other CAPTCHA design like image or Chinese character CAPTCHA.
Action:
Team will need to come out with another CAPTCHA design.
Attendance :
Discussion:
Supervisor advice that hackers could try to write an “object moving” script to break the game. Hence he advice us to come out with other CAPTCHA design like image or Chinese character CAPTCHA.
Action:
Team will need to come out with another CAPTCHA design.
Attendance :
- TAN HAN CHIANG
- SEAH CHOON YEE, SEBASTIAN
- CHEE SUEN SIANG, ALAN
- CHIA U-MENG, ADRIAN
- OW WAI LEONG, LEXIS
No comments:
Post a Comment