摘要： 为防止基于表单自动提交的HTTP攻击，验证码技术得到了广泛应用。论文对常见的几种验证码形式作了简要介绍，讨论了验证码的破解原理，实验表明，互联网上相当多的验证码都不具有可靠的安全性。最后结合OCR技术探讨了一些防范方法。

关键词: 验证码, HTTP攻击, Internet安全

Abstract: To avoid HTTP attacks using automatic form-committing, the identifying code technique is widely used. A brief introduction of the types of identifying code techniques and its application is given. The principles of recognizing and attacking are discussed. Primary experiments suggest that quite a lot of identifying codes are not secure enough. Finally, some methods and schedules with OCR techniques for prevention are proposed.

Key words: Identifying code, HTTP attacks, Internet security