the next page without a problem. That's why the only way that seems
feasible to me is to push an image to the client and for each request
that the client makes for an image, associate that with a unique ID that
you use kind of like a session. You know exactly what image you showed
the user to begin with by associating that unique id to one of your
images in your DB and therefore, the client must pass the appropriate
unique ID (either through session or hidden form field) and the correct
text from the image. Once submitted, you clear out the record with the
unique id from the database so the person can't submit multiple requests
with the same unique id and image text.
John
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 7:02 PM
To: CF-Talk
Subject: RE: cfmx and CAPTCHA
> > Couldn't a spider just as easily pick up a session var?
>
> Now this is where I'm not 100% sure. I have been doing some research
> and as far as I can tell it can not. I'm open to be proven wrong.
A spider is nothing more than another HTTP client. It can do anything
that any HTTP client can do, and it can't do things that HTTP doesn't
allow. So, to answer a question like this, all you have to do is ask
"can I do that with a browser". If yes, then it can be done with a
spider, and if no, it can't.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
