What is MBLM Logic Check?
Can you read this?
How about this?
MBLM Logic Check is a Microsoft.NET 2.0 class library for ASP.NET containing a framework to enable web developers to provide protection for their sites from automated attacks without sacrificing useability.
MBLM Logic Check is a substitute for what is commonly referred to as a CAPTCHA.
Captcha is an acronym for "Completely Automated Public Turing test to tell Computers
and Humans Apart", trademarked by Carnegie Mellon University. A captcha, as its
commonly known, requires the user to type the letters into an input field that is displayed in a distorted image.
What's wrong with Captcha images?
The major drawback to captcha images is accessibility. Statistical surveys
have shown as much as 5% of people surfing the web have some form of severe visual
impairment. These people may have great difficulty in discerning the characters in most captchas.
As such, captchas unfairly disadvantage those who are the most in need.
For a comprehensive discussion of these issues see w3.org's discussion on the matter.
Not only does inaccessibility reduce the number people who can use your site, it may also affect your page ranking.
Search engines such as Google are beginning to factor in accessibility and adherence to standards when determining page rankings.
A key fault with the captcha image approach is that it needs to be unreadable by OCR (Optical Character Recognition) technology.
Because of this captchas are often so difficult to read even those with normal sight may have difficulty reading them.
Many companies are heavily investing in OCR, and it is continuously improving.
It is only a matter of time till an OCR solution becomes freely available to attackers that will make captcha images useless as a means of protection against automated attacks.
How MBLM Logic Check works
MBLM Logic Check provides a framework designed to randomly generate any type of logical question and verify a submitted answer.
The process of verifying questions is made very simple through the MBLM.LogicCheck.Web.LogicValidator ASP.NET validator control.
The LogicValidator control gets its questions and associated answers from classes implementing the ILogicCheck interface.
This release of MBLM Logic check ships with a Maptcha class (Mathematical Automated Public Turing test to tell Computers and Humans Apart) which implements the ILogicCheck interface.
MBLM Maptcha objects randomly generate simple arithmetic problems in both numeric and textural formats.
The complexity of maptchas can be configured from the web.config.
MBLM Logic Check provides a simple framework allowing developers to create their own types of logical tests, and include them using settings in the web.config.
On each request a plug-in is chosen randomly by the system to handle a request for a logic check.
In the Web.Config each plug-in may be assigned a weighting which affects the probability that a plug-in will be chosen to handle a request.
MBLM Logic check has been made to be highly configurable for two reasons:-
- To give developers the agility to quickly counter any attempts made by an attacker.
- The key problem with security systems is that they are always prone to exploits and once widely deployed, attackers can take advantage of a common exploit across many systems.
There is no perfect solution for securing web sites from malicious attacks; MBLM Logic Check is no exclusion.
MBLM Logic Check's goal is not to provide a foolproof system, but to create a standard framework that makes it easy for developers to deliver protection against spiders and bots that is unique to their site, without sacrificing accessibility.