Provided that the “evil one” has a simple HTML parser/scanner, he won’t be able to find the sensitive information.
I could require a registration and some form of authentication, but this would hamper the number of people willing to leave their comments. So something simpler and as effective should be employed.
Time to study.
Basically I want to distinguish between a human leaving a comment and a spamming robot… sounds familiar. This is, after all, a Turing test. Not a simple matter. Anyway, most of the other sites I saw employ a simple pattern recognition scheme. A pattern (usually a random string) stored in an image is processed to add noise and distortion; the result is supposed to be readable by a human, but hardly recognizable by OCR. Searching Wikipedia I came across this: CAPTCHA. CAPTCHA is shorthand for “completely automated public Turing test to tell computers and humans apart”. Exactly what I need.
The Wikipedia page is well written and lists a number of ready-made packages for most programming languages, PHP included.
I spent some time on veriword. This seems a very complete package, but it proved to be a nightmare to get it working. The example doesn’t work; moreover, digging into the code, I wasn’t able to get anything usable as a readable image.
So I went on, having decided not to investigate anything without a properly working example. At last I found GOTCHA, which worked instantly out of the box. Some minor modifications were needed to integrate it with my blog… and ta-da. I’m done.
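The server-side half of the image CAPTCHA scheme described above, as an added example (it is not code from this post, from veriword or from GOTCHA): the random string is kept on the server, accepted once, and expires. The function names, the `$store` array standing in for `$_SESSION`, the alphabet and the five-minute lifetime are all assumptions made for the illustration.

```php
<?php
// Added illustration: life cycle of one CAPTCHA challenge on the server.
// $store stands in for $_SESSION so the script also runs from the CLI (assumption).

const CAPTCHA_TTL = 300;                            // seconds a challenge stays valid (assumed)
const CAPTCHA_ALPHABET = 'ACDEFHJKMNPRTUVWXY3479';  // look-alikes such as O/0 and I/1 left out

// Create a new challenge and remember it server-side only.
function captcha_issue(array &$store, int $length = 6): string
{
    $text = '';
    $max = strlen(CAPTCHA_ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws from a CSPRNG; rand()/mt_rand() output can be predicted
        $text .= CAPTCHA_ALPHABET[random_int(0, $max)];
    }
    $store['captcha'] = ['text' => $text, 'issued' => time()];
    // The caller hands this to the image renderer; it must never appear in
    // the HTML, a hidden field, a cookie or the image URL.
    return $text;
}

// Check a submitted answer. Every attempt consumes the challenge.
function captcha_verify(array &$store, string $answer, ?int $now = null): bool
{
    $challenge = $store['captcha'] ?? null;
    unset($store['captcha']);            // single use: no retries, no replay
    if (!is_array($challenge)) {
        return false;                    // nothing issued, or already used
    }
    if (($now ?? time()) - $challenge['issued'] > CAPTCHA_TTL) {
        return false;                    // stale challenge
    }
    // Normalise case and whitespace, then compare in constant time.
    return hash_equals($challenge['text'], strtoupper(trim($answer)));
}

// Demo with a constructed in-memory "session".
$session = [];
$text = captcha_issue($session);
var_dump(captcha_verify($session, 'WRONG1'));           // wrong guess burns the challenge
var_dump(captcha_verify($session, $text));              // right text, but already consumed
$text = captcha_issue($session);
var_dump(captcha_verify($session, strtolower($text)));  // fresh challenge, lower-case answer
$text = captcha_issue($session);
var_dump(captcha_verify($session, $text, time() + CAPTCHA_TTL + 1)); // answered too late
```

Whatever package draws the distorted image, the comment handler should reject the post unless this check passes and should issue a new challenge for every form display.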