This is on an intranet, so I don't have to worry about a spider... except ours... :)


Pat

-----Original Message-----
From: Burns, John D [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 4:29 PM
To: CF-Talk
Subject: RE: cfmx and CAPTCHA

Yes, but if that hidden form field is generated automatically and is
truly unique per user, what harm is there?  Couldn't a spider just as
easily pick up a session var?  After all, it has to hit the first page
to "read" the image and then post, so it could do so in the same
session.

Another good thing might be to push all of your images down using
<cfcontent> so that they all appear as "image.gif" and then it will be
harder to map an image to a correct response.  However, the tax on the
server of creating dynamic images for every request seems absurd.

John

-----Original Message-----
From: Bryan F. Hogan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 4:25 PM
To: CF-Talk
Subject: Re: cfmx and CAPTCHA

Ok this is the second time I have heard someone say to pass the string
in a hidden form field.

DO NOT DO IT. A spider can download the html and read that string and
pass that as the field.

Burns, John D wrote:

> It shouldn't be hard.  You don't necessarily need to create the images
> on the fly.  Just create a bunch of them once.  Then associate the
> file name with the correct answer in the DB.  Each time you display a
> file to the user, generate another unique id mapping the particular
> display to that particular user with a record from the other table
> that has the filename and correct answer.  Display the image to the
> person and hide the unique id (in session or hidden form).  Then when
> submitted, check that session to find out which image was passed and
> compare their response with the correct string.  Remove the record
> from the DB so they can't submit multiple times with the same info.
> Just my thoughts, there may be an easier way.
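The scheme John describes (a set of images generated once, a per-display id mapped server-side to the file and its answer, the record removed after one use, the image served under an opaque name) and the hidden-field pitfall Bryan raises, as an added example that is not from the thread or from any of its posters. It is Python rather than CFML so it can be run stand-alone; the image table, the answers, the field names and the `/captcha/image.gif?t=` URL are constructed for illustration, and the in-memory dict stands in for the session or DB record a CFMX site would use.

```python
import re
import secrets
import time

# Constructed sample data standing in for the "bunch of images created once"
# table (filename -> correct answer). A real site keeps this in the DB and
# never sends either column to the client.
IMAGE_ANSWERS = {
    "img_0001.gif": "K7XQ2",
    "img_0002.gif": "PB9RT",
    "img_0003.gif": "4MZLW",
}

HIDDEN_FIELD = re.compile(r'<input type="hidden" name="(\w+)" value="([^"]*)"')


def spider_hidden_fields(html):
    """What a spider sees: every hidden field name/value in the page it fetched."""
    return dict(HIDDEN_FIELD.findall(html))


def render_form_insecure(filename):
    """The pattern warned against: the answer itself travels to the client.
    The filename in the <img> URL is a second leak, since a fixed set of
    images can be mapped to answers once and reused."""
    return (
        f'<img src="/captcha/{filename}">'
        f'<input type="hidden" name="answer" value="{IMAGE_ANSWERS[filename]}">'
        '<input type="text" name="response">'
    )


def verify_insecure(fields):
    """Compares what the client typed against what the client was told, so a
    spider only has to copy one field into the other."""
    return fields.get("response") == fields.get("answer")


class CaptchaStore:
    """Server-side challenge table: token -> (filename, answer, issued_at).
    Only the opaque token goes to the browser, whether in the session or in a
    hidden field; the answer and the filename never leave the server."""

    def __init__(self, ttl_seconds=300, now=time.time,
                 token=lambda: secrets.token_urlsafe(16)):
        self._pending = {}
        self._ttl = ttl_seconds
        self._now = now          # injectable clock, for testing expiry
        self._token = token      # injectable token source, for testing

    def issue(self, filename=None):
        """Pick a pre-generated image and record a fresh id for this display."""
        filename = filename or secrets.choice(sorted(IMAGE_ANSWERS))
        token = self._token()
        self._pending[token] = (filename, IMAGE_ANSWERS[filename], self._now())
        return token

    def image_path(self, token):
        """Resolve /captcha/image.gif?t=<token> to the file to stream. Every
        challenge is served under the same name, so the client never learns
        which stored image it got."""
        entry = self._pending.get(token)
        return None if entry is None else entry[0]

    def verify(self, token, response):
        """Single use: the record is removed on first use, match or not, so a
        token cannot be replayed. Unknown, expired or wrong answers all fail."""
        entry = self._pending.pop(token, None)
        if entry is None:
            return False
        _, answer, issued = entry
        if self._now() - issued > self._ttl:
            return False
        given = response.strip().upper().encode()
        return secrets.compare_digest(given, answer.encode())


def render_form(token):
    """Hidden field carries only the opaque id; harmless for a spider to read."""
    return (
        f'<img src="/captcha/image.gif?t={token}">'
        f'<input type="hidden" name="t" value="{token}">'
        '<input type="text" name="response">'
    )
```

With the secure form a spider still reads the hidden `t` value, but the only thing it can do with it is submit a guess, and the record is gone after that one submission; with the insecure form the same regex hands it the answer outright.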