摘要: 为防止基于表单自动提交的HTTP攻击,验证码技术得到了广泛应用。论文对常见的几种验证码形式作了简要介绍,讨论了验证码的破解原理,实验表明,互联网上相当多的验证码都不具有可靠的安全性。最后结合OCR技术探讨了一些防范方法。
关键词:
验证码,
HTTP攻击,
Internet安全
Abstract: To avoid HTTP attacks using automatic form-committing, the identifying code technique is widely used. A brief introduction of the types of identifying code techniques and its application is given. The principles of recognizing and attacking are discussed. Primary experiments suggest that quite a lot of identifying codes are not secure enough. Finally, some methods and schedules with OCR techniques for prevention are proposed.
Key words:
Identifying code,
HTTP attacks,
Internet security
吉治钢. 基于验证码破解的HTTP攻击原理与防范[J]. 计算机工程, 2006, 32(20): 170-172.
JI Zhigang. Principles and Prevention of HTTP Attacks Based on Identifying Code Recogniztion[J]. Computer Engineering, 2006, 32(20): 170-172.