Solved: SAP Captcha api

former_member206243 · ‎09-23-2009

Hi,

We need to integrate a captcha in our application.

Is there any captcha functionality already provided by Netweaver ?

Thanks & Regards,

Shobhit

WolfgangJanzen · ‎09-24-2009

No, currently there is none.

If you observe the market (or simply search for the keyword "captcha") you'll soon realize that there's a similiar "race" like on the virus / anti-virus market: there are many different captcha implementiations - and their corresponding counterpart, the anti-captcha.

So, it's not sufficient to implement a captcha feature, once.

No, you always have to keep an eye on the anti-captcha group - and provide the next update.

Furthermore: Captchas intend to block machines - unfortenately this does not only effect "robots" but also screen-readers and other accessibility equipment.

Conclusion: captchas cannot reliably block the robots - but might block humans which require technical tools (accessibility support).

On the market there are a few captcha servers which alternatively provide an audio captcha.

Most of them, however, provide such a bad audio quality that they are useless for humans.

And those which provide a good audio quality will most likely be also understood by robots ...

Frankly speaking, I hate captchas.

Whenever I stumble over a webpage which forces me to use captchas I'm not happy - and look for alternative offerings.

Former Member · ‎09-23-2009

Haven't seen anything like that yet, but I guess it can easily be done with a random generator (SUSR_GENERATE_PASSWORD??) and WDA before executing a service.

Not sure what the best design would be. Let us know if you find something.

Cheers,

Julius

mvoros · ‎09-24-2009

Hi,

I wouldn't say easily. As other guys mentioned it's pretty hard to implement good captcha. But the main problem is generating an image for captcha. I don't see any easy solution for WDA.

Cheers

Former Member · ‎09-25-2009

> But the main problem is generating an image for captcha. I don't see any easy solution for WDA.

Hi Martin,

I also have a problem with those images, which in an attempt to protect them against robots make them near unreadable for humans as well.

Instead of blurring and stretching them (which would be hard with WDA) one could simply generate a plain text easily readable string of 10 characters, and then have an instruction to the human output together with the string telling them to take the 1st, 4th, 7th and 9th character only, which they would need to be able to read and understand. The characters chosen can also be random, as long as the captcha knows which ones are expected.

Just an idea,

Julius

mvoros · ‎09-25-2009

Hi,

the problem is with passing those instructions to the users. You can not send them to users as plain text. It would be really easy to break it.

Now when I am thinking about implementing captcha in WDA I can imagine solution using external command. Basically it would be calling an external OS command to generate captcha images and then WDA will just display generated images.

Cheers

Former Member · ‎09-25-2009

What I was thinking is that only a part of the character string is used, and that part is random and sent to the user as an instruction on how to use that which they can see (in plain text).

I don't think a bot will be able to work that one out on it's own. Or am I being naive here?

Getting back to the image - I have also seen the spool used to convert generated data to PDFs so that might be an option as well for a bitmap. Yes, probably an external server program would be needed to convert the image into something which looks more like a pizza

I rest my case - for the image it would not be easy.

Thanks for the infos!

Julius

WolfgangJanzen · ‎09-25-2009

>


> Hi,
> 
> the problem is with passing those instructions to the users. You can not send them to users as plain text. It would be really easy to break it.

I agree to that. The textual instructions will be machine-generated (with fixed and variable parts), so it's pretty easy to parse them (as robot).

>


> Now when I am thinking about implementing captcha in WDA I can imagine solution using external command. Basically it would be calling an external OS command to generate captcha images and then WDA will just display generated images.

Replace "OS command" with "Web Service" or "SPI (Service Provider Interface)" (which could be subject of a certication program) and I'm with you.

mvoros · ‎09-25-2009

What's wrong with OS command The problem is that I can not imagine an implementation of captcha on pure ABAP stack. I guess you've seen SAP interface. Generally, ABAP is not good with graphics :-). Using OS command you can easily take any implementation of captcha and generate a pool of triplets <code,hashcode,image>. When number of triples gets lower than threshold value you simply generate a new batch of triplets. API will be similar to number range API. It will simply return one triplet and discard it from pool. You can also use another approach, just generate "big" pool of triplets and use it for limited period of time. After that you throw it away and generate new one.

Cheers

WolfgangJanzen · ‎09-24-2009