random text in bug submission.
keramida at ceid.upatras.gr
Fri Apr 8 13:34:09 PDT 2005
On 2005-04-08 13:27, Alan Larson <larson at w6yx.stanford.edu> wrote:
>>On Thu, Apr 07, 2005 at 04:56:11PM -0700, Alan Larson wrote:
>>> I entered the correct code, and it said it didn't match and
>>> refused to take my bug submission.
>>> What an annoyance.
>>> It showed the same code as a previous report, but did not accept
>>> the entry.
>> I really don't understand this behaviour. The image is called as a
>> volatile script (/cgi/sendpr-code.cgi?dummy) and sends no-cache
>> headers in the HTTP response. There's no way that your browser
>> should have shown you the same code again. What is it?
>>> There really should be some "are you really a human" at that point --
> What I meant was that the failure to match error page should give
> another (presumably different) image to match so one could continue
> the submit process without loss of the information that had just been
> manually entered.
> Sort of a "second try".
This is a denial of service waiting to happen. Unless, of course, there
is a severely limited number of allowed retries; in which case we're
back to solving the problem with having just one retry, and the caching
misbehavior you're seeing.
More information about the freebsd-bugbusters