Comments on: Securimage 2.0.1 Beta Released

By: pinks

pinks — Mon, 26 Jul 2010 06:51:50 +0000

good, thanks.

By: me on wordpress

me on wordpress — Sun, 16 May 2010 10:55:01 +0000

good update info

By: abeecdick

abeecdick — Sun, 16 May 2010 10:53:34 +0000

nice info, thanks

By: abeecdick

abeecdick — Sun, 16 May 2010 10:50:57 +0000

It's nice thanks

By: dave

dave — Fri, 19 Mar 2010 19:34:00 +0000

Oh just as a after thought HTML5 has audio support, it might be an idea in the future to provide a direct access to a mp3/ogg/wav stream as an alternative to the flash audio. That would be UBER cool.

By: dave

dave — Fri, 19 Mar 2010 19:27:05 +0000

Also maybe you should include the .fla or any .as files you may have for the secureimage_play.swf. That way we could at least audit the code for any problems in the flash, or even improve the code.

By: dave

dave — Fri, 19 Mar 2010 18:49:46 +0000

*Wishes for new features*
I noticed that the signature_font is not a public property and is defaulted to use AHGBold.ttf, and the size of the signature font is hardcoded to 10pts. It would be cool if this was adjustable.

*Security Issues*
Could you please store the $_SESSION['securimage_code_value'] as a salted md5/sha1 hash. This would stop somebody possibly using a script in a shared hosting environment to automatically hijack a session and extract the 'securimage_code_value'.

Also as this is a PHP5 script, could you please set the intended class properties and functions to private. That may stop an attack vector from another PHP class.

You might also want to immediately unset($this->code) as soon as it has been used to generate a word image and it has been store to session, just to be safe.

If you need some help with these security fixes just email me.

My 2c

By: jattind

jattind — Sun, 21 Feb 2010 19:39:29 +0000

I have updated to 2.01 Beta. It was easy to install. I added the audio capability as well, which also work fine. However I did find that in SSL mode the audio does not work using IE. The speaker image keeps showing the circle. Both Firefox and Safari browsers did not have this issue. The audio works fine for in SSL and non-SSL modes. The tests were done using the example_form supplied as part of the package.

By: Stanley WAS

Stanley WAS — Tue, 09 Feb 2010 16:51:22 +0000

Tried it; too many problems. Succeeded with an html captcha script.

By: luis

luis — Wed, 27 Jan 2010 16:31:09 +0000

Quisiera descargar el beta 2.01. Gracias.

By: aravind

aravind — Mon, 04 Jan 2010 08:33:46 +0000

Thans

By: Tim

Tim — Wed, 30 Dec 2009 03:11:29 +0000

I'll give it a shot. Sounds easy enough.

By: Anil Saini

Anil Saini — Thu, 17 Dec 2009 13:44:29 +0000

Please send captcha code for php & some captcha images….