Programming Hiatus, Part 2


With respect to yesterday's feature article regarding new changes affecting our web site, Infopackets Reader Paul B. sent me the following Visitor Feedback:

"Dear Dennis,

Just a quick comment: Keep up the good work! I have never been disappointed with infopackets or any of the products I have purchased thru the site. Thanks for that.

I do have one question, however. I just read the 06/01/2004 issue of the Gazette, where you reported that you are writing web scripts [i.e., special web server programs] in order to transform the layout of the infopackets web site. In writing this email to you via your online web form 'contact page', I noticed that I must choose a key from the pull-down menu before I am allowed to submit this letter. I'm curious to know: just what is the purpose of having to choose a key from the pull-down menu?"

My response:

The short answer is that choosing the correct key proves that you are in fact a human being (with intelligence) and not a malicious program accessing the web form in an attempt to cause damage to the web server.

In techy terms, this type of malevolence is referred to as a Denial of Service Attack, or a 'DoS attack'.

Side note: According to techtarget.com, "... A denial of service attack is a type of security breach to a computer system that does not usually result in the theft of information or other security loss. However, these attacks can cost the target person or company a great deal of time and money ... A denial of service attack can [even] destroy programming and files in a computer system." There are many types of DoS attacks; for some examples, check out the page at techtarget.com.

Now, back to your question --

In order to protect the infopackets web server from a DoS attack, 6 keys are generated and appear in random order in the pull-down menu each time someone accesses the 'contact' page. Once the correct key is chosen and the submit button is clicked, the 'comments' program accepts the web-form input (i.e., feedback from visitors) and delivers the email to me.

If the incorrect key is chosen, the 'contact' program reports an error message and no further harm is done -- ultimately preventing a DoS attack. Had the 'key selection algorithm' not been put in place, any spam robot or web site hacker could arbitrarily (and repetitively) hit the submit button on the 'contact' page, which would undoubtedly overload the web server, potentially crash it, and flood my inbox with junk mail.

Great question -- thanks for asking!
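A minimal sketch of the server-side key check described above, as an added example that is not the site's actual script: the function names, the 10-minute lifetime and the in-memory store are assumptions. The article does not say how the visitor learns which key is correct, so the challenge simply returns it as `answer` for the page template to present.

```python
import hmac
import secrets
import time

TTL_SECONDS = 600   # assumed challenge lifetime
_pending = {}       # token -> (answer, expiry); assumed in-memory store


def new_challenge(now=None):
    """Create the six-key menu for one rendering of the contact page."""
    now = time.time() if now is None else now
    keys = set()
    while len(keys) < 6:                  # six distinct random keys
        keys.add(secrets.token_hex(3))
    keys = list(keys)
    secrets.SystemRandom().shuffle(keys)  # random menu order on every load
    answer = secrets.choice(keys)
    token = secrets.token_urlsafe(16)     # goes into a hidden form field
    _pending[token] = (answer, now + TTL_SECONDS)
    return {"keys": keys, "answer": answer, "token": token}


def verify(token, chosen, now=None):
    """Return True only for a fresh, unused token with the correct key."""
    now = time.time() if now is None else now
    # pop() consumes the token whether the choice is right or wrong,
    # so one page load permits exactly one submission attempt.
    entry = _pending.pop(token, None)
    if entry is None:
        return False                      # unknown, forged or replayed token
    answer, expiry = entry
    if now > expiry:
        return False                      # stale form
    # The answer never leaves the server; compare in constant time.
    return hmac.compare_digest(str(chosen).encode(), answer.encode())


if __name__ == "__main__":
    c = new_challenge()
    print("menu:", c["keys"])
    print("correct key accepted:", verify(c["token"], c["answer"]))
    print("same form replayed:", verify(c["token"], c["answer"]))
```

Each token allows one attempt, so a script cannot cycle through all six keys on a single page load. A blind guess still succeeds one time in six, so the check is best paired with per-client rate limiting.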
