whenever any kind of transaction or change is made to a user's account, the user must explicitly
acknowledge that transaction. When you clicked the link above, if you had been shown a page that said "Are you sure
you wish to transfer $20,000 to Account Number 1000000026?" you probably would have said "No."
8. Implementing a CAPTCHA-type Scheme
Now imagine that you are a web developer. You get a call from Hometown Bank saying that they
have discovered an enormous security flaw in their online banking system, and they need you to fix it
for them. They tell you about users falling victim to an email scam that transfers money from their
accounts.
You know just how to solve the problem. You will implement a scheme like the CAPTCHA
technology with which you are probably familiar. A CAPTCHA is a challenge-response test: the server
displays a series of characters and requires the user to read them and type them into a box, which
verifies that a human is present and, in this case, that the user acknowledges the transaction. This
defeats the email scam because the forged request cannot contain the correct response: as long as the
server picks the challenge for each transaction and checks the answer on the server side, the attacker's
page has no way of knowing which challenge the victim was shown.
The system that you will be implementing is a little simpler (the user identifies a picture instead of
reading distorted text), but it works well enough for this lab. Keep in mind that with only 10 pictures a
blind guess succeeds one time in ten, so a production system would need a much larger pool.
The first thing that you will need to do will be to find 10 simple pictures online by searching
http://images.google.com . The pictures may be of anything, but each picture should only include one
thing, for example:
• A hat
• A car
• A dog
You should avoid pictures with more than one object in them (a picture containing a horse and a truck),
or multiple pictures of the same item (2 pictures of cats). You should also avoid obscure objects that
members of the general public might not recognize, or might misidentify. You should also try to pick
pictures that are roughly square-shaped.
Once you have found your 10 images, save them to the /HometownBank/images/ directory in your
XAMPP install. You will now need to rename the images so that the file names do not describe
what is in the picture; otherwise the image URL itself would reveal the expected answer to anyone who
can see the page source. Randomly mashing on the keyboard should give you a pretty unrecognizable
sequence of characters for a file name. Make sure that there are no punctuation marks, digits or spaces
in the file name, only the letters a through z. The file names should also be around 10-12 characters long.
Once you are done you should have renamed your 10 images to things like:
• eajjeagkajeg.jpg
• yturuyozya.png
• behaleghgh.gif
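The renaming step is easy to get wrong by hand (a name that is too short, a stray digit, an extension whose case differs from the one you later type into the database). The following script is an added example and not part of the lab materials; it renames the images in a directory you point it at to random 10-12 letter names, keeps each file's extension, and prints the matching rows for the "image_data" table that the next step has you fill in by hand. The directory path, the sample file names and the descriptions in the `__main__` block are assumptions made up for the example.

```python
"""Rename lab images to non-descriptive names and emit the matching INSERT rows.

Assumptions (not from the lab handout): the images live in a directory you
pass in, and you already know the one-or-two-word description of each file.
"""
import random
import re
import string
from pathlib import Path

# What the lab asks for: 10-12 characters, letters a-z only (extension excluded).
NAME_RE = re.compile(r"^[a-z]{10,12}$")


def random_name(rng=None):
    """Return 10-12 lowercase letters with no digits, spaces or punctuation."""
    rng = rng or random.SystemRandom()          # CSPRNG by default; seedable rng for tests
    length = rng.randint(10, 12)
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(length))


def rename_images(image_dir, descriptions, rng=None):
    """Rename each file named in `descriptions` to a random name, keeping its extension.

    `descriptions` maps the original file name (e.g. 'cat.jpg') to the answer
    the user must type ('cat'). Returns a list of (new_name, description) rows.
    The original, descriptive name is discarded so the URL no longer hints at
    the answer.
    """
    rng = rng or random.SystemRandom()
    image_dir = Path(image_dir)
    rows, used = [], set()
    for original, description in descriptions.items():
        src = image_dir / original
        # The lab app compares the extension case-sensitively; normalising it to
        # lowercase here and in the database row keeps the two in agreement.
        ext = src.suffix.lower()
        while True:                               # retry on the (unlikely) collision
            new_name = random_name(rng) + ext
            if new_name not in used and not (image_dir / new_name).exists():
                break
        used.add(new_name)
        src.rename(image_dir / new_name)
        rows.append((new_name, description))
    return rows


def sql_literal(value):
    """Quote a string for a MySQL statement by doubling embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"


def insert_statements(rows, table="image_data"):
    """One INSERT per row for the image_data table's URL and Description fields."""
    return [
        f"INSERT INTO {table} (URL, Description) VALUES "
        f"({sql_literal(url)}, {sql_literal(desc)});"
        for url, desc in rows
    ]


if __name__ == "__main__":
    import tempfile
    # Constructed sample: empty placeholder files stand in for real pictures.
    with tempfile.TemporaryDirectory() as d:
        sample = {"cat.jpg": "cat", "house.PNG": "house", "donut.gif": "donut"}
        for name in sample:
            (Path(d) / name).write_bytes(b"")
        rows = rename_images(d, sample, rng=random.Random(1))
        print("\n".join(insert_statements(rows)))
```

Point it at your real /HometownBank/images/ directory with the actual descriptions and paste the printed statements into phpMyAdmin's SQL tab, or type the same values into the "Insert" form one image at a time as the lab describes. Either way, the file on disk and the "URL" field must match character for character.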
Now that your images have been renamed, you will have to add them to the database. To do this,
navigate to http://localhost/phpmyadmin . Once there, click on the "hometown_bank" database on the
left side. You will see that there are two tables in this database, "accounts" and "image_data". Click on
the "image_data" table. You will see that this table contains two fields: "URL" and "Description".
You will now need to add the data for your images into this table. To do this, click "Insert" at the top
of the page. This will take you to a page where you may insert the information for your images, one
image at a time. In the "URL" field, insert the file name of your image. Be sure to include the
extension (.jpg, .gif, .png, etc.) with the proper case (yes, it is case-sensitive!) or your application
will not find the file. In the "Description" field, enter a one-to-two word description of the image (cat, house,
donut, etc.). Once you have done this, click the "Go" button, and continue inserting the information