I've been getting many emails and bug reports about Security Images 3.0.4. After looking closely at the source code and trying to reproduce those problems, I finally found the bug.
In fact this component is now a victim of its success: using it everywhere has also revealed a serious design flaw, but let me explain...
Security Images uses 2 hidden fields in the background:
  • Security_try, which contains the text entered by the user
  • Security_refid, which contains a UUID which will be used or not (depending on the plugin) to locate the private key in the database or session.
And these hidden field names are spread throughout the code... this lets the horror scenario happen:
If you have many security images (captcha images) generated in the same page (for example, the login module may have one and the Guestbook may have one), the code won't work!

The browser will submit all hidden fields that are in the form, and thus the first input text box (Security_try) may overwrite what the user has entered in another one... always rejecting the user as a result.

Solutions
  1. Prio 1: the framework has to be configurable from the outside.
  2. Prio 1: Free porn attack countermeasures will be added to the HNCaptcha plugin.
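
The field-name collision described above, and one way to avoid it with per-instance names supplied by the caller, as an added example (not SecurityImages code). Only Security_try and Security_refid come from the post; the suffix scheme, function names and sample POST bodies are constructed for illustration.

```php
<?php
// Added illustration, not SecurityImages code. Only the names Security_try and
// Security_refid come from the post; everything else is hypothetical.

// Constructed POST body: one form holding two captcha widgets (login module
// and guestbook) with the same hard-coded names. The visitor answered the
// login captcha; the guestbook input stayed empty.
$body = 'Security_refid=uuid-login&Security_try=K7QX'
      . '&Security_refid=uuid-guestbook&Security_try=';

// parse_str() follows the rule PHP uses for $_POST: one value per name, and a
// later duplicate replaces an earlier one, so the typed answer is lost.
parse_str($body, $post);
var_dump($post);

// Hypothetical fix: field names derived from an instance id chosen by the caller.
function captchaFieldNames(string $instance): array
{
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $instance)) {
        throw new InvalidArgumentException('bad captcha instance id');
    }
    return ['try' => "Security_try_{$instance}", 'refid' => "Security_refid_{$instance}"];
}

// Each component reads only its own pair of fields.
function readCaptchaSubmission(array $post, string $instance): ?array
{
    $names = captchaFieldNames($instance);
    $try   = $post[$names['try']] ?? null;
    $refid = $post[$names['refid']] ?? null;
    if (!is_string($try) || !is_string($refid) || $try === '' || $refid === '') {
        return null; // missing, empty or array-valued input counts as no answer
    }
    return ['try' => $try, 'refid' => $refid];
}

// Constructed POST body for the same page once each widget has its own names.
$fixedBody = 'Security_refid_login=uuid-login&Security_try_login=K7QX'
           . '&Security_refid_guestbook=uuid-guestbook&Security_try_guestbook=';
parse_str($fixedBody, $fixedPost);

var_dump(readCaptchaSubmission($fixedPost, 'login'));
var_dump(readCaptchaSubmission($fixedPost, 'guestbook'));
```

With distinct names, the login component receives the answer the visitor typed, and the guestbook component sees that its own captcha was left unanswered instead of consuming someone else's input.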
Release

3.0.5 (Patch)
  • Free porn attack countermeasures will be added to the HNCaptcha plugin.
4.0.0 will have non-compatible API changes
You will have to change some 3rd party components, but I will support the following 3rd party components:
  • com_contact (Joomla core)
  • com_login (Joomla core)
  • com_registration (Joomla core)
  • akobookPlus
  • akoCommenPlus
Others, like Community Builder, Galleries, JoomlaBoard, will have to be supported by their own authors. Please contact them about that issue; I will document how to use the 4.0 in my wiki.

Other new functionalities will be added to the 4.0 releases soon. (You can submit your ideas here)

Since it is raining over there :-( , it is realistic to see version 4.0.0 before Monday 29.05.2006

AkobookPlus new language files:


