I am trying to integrate Adobe Signature in PDF where end user can sign it on browser itself, I want his/her hand written signature on it. End user will use his/her mouse to draw the signature. This PDF creation is written in PHP and application contains Adobe APIs.
I referred to the Handwritten Adobe page and Adobe tags
I have also referred to Stack 1 and stack 2, not matching to my requirement.
I was able to sign the custom runtime generated PDF document using {{Sig_es_:signer1:signature}}
I checked it at several places including Stackoverflow, but i cant find any such reference document which can guide me to code for hand written signatures. i also need to understand if Hand written signatures have any limitation or drawbacks or any privacy/security issues.
Let me know if anyone knows How to proceed on this.
Draw a signature with a mouse? That will not work. I can't do that. A finger on a phone would work better. Still clumsy, but better.
Drawn signatures are old fashioned in the digital world, and require complex verifiable encryption. You would have to prove that the digital copy you have, was indeed drawn within the exact document it appears in. Digital things can, after all, be copied easily. Whenever there's a dispute you would have to prove that the signature is an inherent part of the unchangeable digital document. This is far more difficult than it seems at first. That's why it is usually quite expensive.
I would strongly advice to not go down this road. Find another solution.
You haven't explained what you want to use the signature for, which makes it difficult for me to suggest another solution, so I won't.
Re:
i also need to understand if Hand written signatures have any limitation or drawbacks or any privacy/security issues.
Yes, there are lots of limitations and drawbacks. You need to consider the issues of forgery (someone else signing as me, Larry) and non-reputability (I signed it but later claim that it wasn't me. How do you prove that it was Larry who signed it?)
There's also the overall context of the signature: what is the value of the agreement? What are the consequences of not being able to prove that the right person did sign the document?
Adobe Sign (and their competitors) have answers to all of the above. eSignatures are far more complicated than just getting something that looks like the person's signature on the PDF.
Pro-tip: how the signature looks on the PDF is the least important part of the process.
Related
I'm currently working on a personal project for decoding a text or any object in an image.
I'm using GD library for processing image. I have access to every pixel of image and its rgb color.
My question is not about coding,I'm just looking for an algorithm to decode image,or any advise for how to do that and I don't want to use any API, I want to do it by myself.
I know that php has a face detection library, but it only recognizes faces in image, and I don't know how it does that .
for start, I assume that the object is white and the background is black (or any separate colors) .
summary : How can I define an object or a word for a php program and train it to recognize it from a picture?
You have some api which decode simple captcha like this.
Check this link : Captcha Decoded
And try with this api : http://www.opendecoder.com/api, there are many API if you search on google
The process you are trying to implement is called “optical character recognition” and there is some free software available and doing this. With this expressions, you may find more information.
You did not specify the kind of software component you are looking far, so it is hard to be more specific.
This is usually an error-prone process, but you might get better results if you can make regularity assumptions on your input, especially if you already know which character types are used in your input.
Useful starting points could be
http://jwilk.net/software/ocrodjvu
http://unpaper.berlios.de/
If converting to DJVU and using python on a UNIX system is an option for you, you might consider a the first link as a solution. Otherwise you may use the various tools supported by ocrodjvu to start your research. The second is more about pre-processing you might want to do before OCR but still might be useful if you want to implement your own procedure.
Actually I'm developing a Chrome extension and a jQuery plugin to upload it and sell it on Codecanyon. When I "Inspect source" of the page and I click on the "Resources" tab, the javascript file looks empty. How does Codecanyon do that? I want to have file theft prevention in my own website too, but I don't know how to do it. I know php and javascript and there's no method to do it, because the browser downloads the file to execute it.
You can see the example here.
You cannot hide it because your browser needs it to perform it. Simple as that.
You need to understand that it is a script executed on the client side. It is not compiled (meaning it's not a binary (0 and 1 machine language)). So it is freely readable.
Nevertheless you can obfuscate it using tools like YUI compressor
Basically this kind of tools remove extra spacing, tabs line returns and rename methods (like method "a" standing for "MyShinyMethodWhoMakesNiceStuff") and variables. That makes it very difficult to read and understand code. Reverse engineering is thus harder to achieve.
Some uses some tricks like base64 or other encode and decode part of code with a function but it's only tricks and will not fool the sharp eye.
By obfuscation, you make people spend much more time in analyzing your code and stealing is thus much more complex, and takes time. Let's say you made a nice javascript plugin that makes every white background in purple (ok, not so great example but used it just for having an imaged example). Somebody might want to steal it and makes it blue instead of purple. If code is obfuscated, he might think that's easier to copy your idea and rewrites it on his own with his own code and blue background, it will takes him less time than reverse engineers and understanding wells yours, easier to maintain in the time too. In the end he will "only" "steal" your idea but not your code.
I think that in the end, it's just a matter of time.
If you see it's empty, it means that it's empty. There is no way to hide your javascript code from a client that must execute the code.
You can only try to make it less readable (through minifiaction and obfuscation), but the code is still tranferred and it can be reverse engineered.
The actual code in your example is downloaded with the jquery.js file.
On JavaScript "protection" - basically what everyone else said.
Explaining the example you provided:
Indeed, http://demos.pixelworkshop.fr/circular_countdown_cc/js/countdown.min.js appears to be empty, however the actual plugin code is appended to the jquery.js file, starting at line 58:
http://demos.pixelworkshop.fr/circular_countdown_cc/js/jquery.js
You can use this javascript obfuscator tools:
http://www.javascriptobfuscator.com
http://www.daftlogic.com/projects-online-javascript-obfuscator.htm
If you're licensing the code on a per-site basis, I would suggest domain locking your javascript as well.
You can do this yourself by simply checking the window.location somewhere in an encrypted file. This isn't going to be very secure, but for 90% of users who just drop a script into a directory and hope it works, it will provide some level of deterrent.
You can also use https://domainlockjs.com (free) to easily lock scripts to domains. This is a slightly better solution because DomainLockJS throws hard to trace errors and is much harder to debug.
A more complicated approach would involve using an Ajax script injection, and allowing specific domains to access the script / not trigger an XSS error. This is the hardest to set up, but if you inject a large amount of js, it might be the hardest to get around.
All of these can be circumvented by a skilled coder though... you're only making things difficult, not impossible.
Liblock is a small tool built by myself. It encrypts your JS-sources - it's no simple obscurity by obfuscation, but good security by encryption.
When you inspect the DOM in your client, all you'll see is: nplreq(url) for each script that you bind into HTML head.
See how it works here liblock-demo - this is a demo only for hiding the scripts in "nopro_lib" and "xscroll.js".
Encryption and decryption are totally transparent to the browser. It is tested with Firefox, Chrome, Opera, Konqueror, IE8-10 on PC, and with Dolphin and Safari on an Android tablet.
The sources are securely hidden, and only with really great efforts they may be layed open again. Encryption is done with AES (Rijndael 256) using one-shot-keys which are negotiated between client and (liblock-)server using Diffie-Hellman.
I'm looking for a way to create a QR Code and a shortened link when a form is submitted. I have the QR Code bit, but the link is too long for me and the QR Code looks scary and complicated. The way it works is; the user types in (in this instance) a contract number. Then, a folder is created on the server of that contract number. (www.mysite.com/QR/$contractnumber). Then, using PHP again, I create a QR Code through Google because I know that every QR code will be linking to the same place, just a different ending of the link. The only bit that changes is the $POST...
I was wondering if there was a way to shorten the link before it goes to Google? It would have to be through php. The user enters the contact number in the form, then that number(usually around 5/6 digits) will be entered into a already existing command? I'm not an expert in anything, I just know some really random snippets of code... And HTML and CSS, of course.
Any help would be appreciated and judging by the few days I have been searching this, I think it might help a few people in the future. I would also like to confirm that the solution can't be one of this visual URLShorteners. If it is, it just needs to be the back-end of it, built into a existing form and QR Generator. Simple?
We had a similar challenge with one of our internal apps, and since any shortcut system (that I know of) relies on a database to translate what the short url really means , we opted to start our work from something that had already been done, rather than re-invent the wheel and based our solution on yourls.org.
We installed that, and populated the database from within our PHP, not really using the provided interface for anything except testing and it's statistics. It's reasonably flexible, and while it does need some standards improvement, the core code that we were interested in (as you would be) was sound, and worked very well for us.
It sounds like you might be able to use the TagLabs solution. Check out the developer site; developer.taglabsinc.com and create a free account at portal.taglabsinc.com. The platform will create the QR Code and shortened url. You can manually create the QR Codes or leverage the API.
For what it's worth, that's exactly what a.zat.is for. Disclaimer: I made it.
I have seen some captchas being decode using javascript, php, etc. How do they do it?
For example, very popular megaupload site's captcha has also been decoded.
I'm an image processing specialist and CAPTCHA decoder, I've done many CAPTCHA resolving projects before.
OK, let's start CAPTCHA resolving steps!
Decoding any kind off CAPTCHA has 3 main steps:
1- Removing background
Clear the CAPTCHA from any noise (using any image processing methods).
Note for captcha decoding fighter: If you want to have a good CAPTCHA, you should add a stronger noise. Use random noised background that has similar color of characters.
2- Splitting characters
Easy step when they are separate and very hard when they're not.
*Note for captcha decoding fighter: If you want to have a good CAPTCHA, don't leave the character separate! Make them overlapping, do NOT use different colors for characters, decoders can split the characters very easily! (most of the developers are unaware of this and think it's better to use a colorful CAPTCHA!), the best one is making an overlapping string with black color. For an experienced CAPTCHA decoder, it's not a problem to decode a colorful CAPTCHA! It's just beautiful and not useful! :) Use random curved lines witch connect all characters to each other. *
3- Converting separate images into character
After separation, we have a character set, (we don't have any string now, just have images and pixels), we should convert character images into string, But how?!
There are several ways, if they are not rotated, and have fixed font and size (such as freeglobes CAPTCHA), you can define a pattern set, your program should loop throw the patters to find the best match for each image, if the characters is very different and needs a large pattern you should use a "Neural Network" to recognize the character. A neural network for CAPTCHA resolving, will takes a character, and we say the network what this character is, for example, we will give it an image of "A" and we tel the NN: it's "A"! , then it will "LEARN" this character and will save its learning into a database, This procedure called "TRAINING". So, when we ask a trained network for a new character again, it will return us the best match from it's learning database.
Usually decoder specialists use the CAPTCHA itself to train the neural network. Be careful! Using appropriate data for training can make or break your results.
Note for captcha decoding fighter: If you want to have a good CAPTCHA, use any method witch a decoder can't recognize the characters, even with a Neural network. Deform the characters randomly, use many fonts instead of one and rotate the characters as well, etc.
Finally, we concatenate all single characters into one and return it as result.
Unfortunately, there are no fixed algorithm for solving any CAPTCHA, it means, new CAPTCHA needs new analysis and training. You can't make a CAPTCHA decoder to decode all CAPTCHA.
What should you know before starting:
1- Image processing fundamentals
2- General understanding of a Neural Network
3- Simple image processing functions (in any language)
For PHP:
imagecreate()
imagecreatetruecolor()
imagecolorat()
imagecolorsforindex()
imagesetpixel()
.
.
.
For .NET:
Bitmap type,
getPixel()
setPixel()
.
.
.
For JavaScript and HTML5:
You should know the Canvas very well.
Lastly:
Note for captcha decoding fighter: If you are wonder about how someone can decode a CAPTCHA and want to prevent it from decoding, you should first be a CAPTCHA decoder yourself or hire someone knows the weakness and attacking algorithm very well!
Hope to help! ;)
See:
OCR and Neural Nets in JavaScript
Here John Resig (creator of JQuery javascript library) explains how exactly it is been done.
Take a look at PWNtcha
You can also read Breaking a Visual CAPTCHA
I was involved in a project to circumvent Captcha images on the TicketMaster website about 8-9 years ago for a third-party ticket seller. When an event went on-sale, like a concert, our network of machines would use multiple credit cards and mailing addresses to buy any and every seat possible in the first 10 rows.
Rather than generating new captcha's each time, TM had a limited pool of images they could re-use. We'd create a unique digital fingerprint (checksum) for each image, then simply attack it with some imaging tools (LEADTOOLS.com) (to remove extraneous elements, enhance contrast, etc) and then use OCR tools. It was surprisingly effective.
We were able to crack a great number programmatically, and we'd store the ones we couldn't crack for human processing. Sometimes they'd have a pool of 20K images, so at first we'd get maybe 60-70% automatically, but eventually we'd get 100% success because we could identify the images our humans processed (offline) based on looking up their hash in our database. (That is, we could check a captcha image against our database based on the hash we created and if we already had the solution we could just submit the answer immediately.)
Occasionally, they'd flush and replace their pool of captcha image images with a new set, but again, it would just take us a bit of time to get back up to a 100% rate. The fatal flaw with this particular system was that they recycled images, rather than programmatically generating new captcha images each time.
But the fact is, if the financial incentive to crack the capthcha is high enough, it doesn't take much to create a distributed platform where low-wage unskilled workers can sit around earning pocket change to crack them all day.
Inside India's CAPTCHA solving economy
http://www.zdnet.com/blog/security/inside-indias-captcha-solving-economy/1835
There are services for recognition. Such as 2captcha. This is a tool for solving php https://github.com/jumper423/decaptcha/
I currently ran into the issue that I do not have the money to buy/rent any professional captchaing service.
So I tried to look around for OS captcha generators, and captcha designs.
I also had a brief brainstorm about my own and simple captcha design.
Do you have any preferences, or can give me a good advice handling captchas in PHP without having huge perfomance leeks?
(My attempt to design a simple captcha: .pdf)
EDIT: Thanks to all of you, I am sorry for only giving one "right-answer", but +1 for every good answer ;)
I actually would suggest that rather than rolling your own you use reCAPTCHA as it is free and of very good quality (used by this site, Facebook, Craigslist etc).
It also meets your requirements in that it isn't resource intensive, as all the image generation and distortion is done on the reCAPTCHA server.
PHP examples can be found here
If you want to design your own captcha, I highly recommend you take a look at this tutorial. It goes through a basic captcha design, allowing you to alter the design of the captcha as you wish, using various PHP image modification functions.
You could alter the code to use random fonts, make each character a different size, skew the image, etc. The tutorial is to show you how a code is created, how it's used with a session, and how to actually use the image in an input form.
Leaving aside the problem of CAPTCHAs being a horrible barrier for users… ReCaptcha should solve the budgetary issues without making you reinvent the wheel.
First and foremost thing you must consider is that you captcha is not easily breakable. There are some good old captchas already breaked/decoded using javascript. For further info please visit these pages:
http://ejohn.org/blog/ocr-and-neural-nets-in-javascript/
http://blog.makezine.com/archive/2009/01/javascript_captcha_decoder.html
To generate it , like Captcha Creator is a powerful and complete PHP Captcha Script that generates Captcha Images.
The classic approach is to generate some random text, apply some random effects to it and convert it into an image.