Re: Calling a Coldfusion Variable From a .js File
First, I want to reiterate an AJAX solution is probably best. However, if AJAX is out of the question a secure hash WILL work. Let me clarify that...

1. CFC generates a CAPTCHA (EX: ABC123)
2. CFC hashes the CAPTCHA (EX: A6B7D8991A)
3. CF sends the HTTP response with the hash and a JShash() method.
4. Upon submit (or whatever event desired) JSHash is called passing user_input_CAPTCHA.
5. JSHash returns a hash of user_input_CAPTCHA and it is compared to the CAPTCHA hash (EX: A6B7D8991A) as sent by the CFC.
6a. If they match, post the form to the server (user_input_CAPTCHA is sent to the server)
6b. If they don't match, tell the user to try again. (goto 4)
7. CF can hash form.user_input_CAPTCHA and verify it again.

a. The unhashed CAPTCHA is never sent to the browser.
b. The hashed CAPTCHA is never sent to the server.
c. Considerable computing power could be used to dehash the hash so that it could be input into the form, thereby breaking CAPTCHA. But if a spammer has that much time and expertise they are going to break your system anyway. For that matter the spammer should move to hacking if they have such a skill set.

It is quite a bit to go through, but if AJAX is not an option a hash will work.

-John

A secure hash might be what the doctor ordered. CF could send a hashed version of the answer then you could run js code to hash the user's input before the compare.

I haven't read the whole thread, but if you send the hash to the browser, anybody could just see the hash and ensure that gets sent again to the server when appropriate.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!
This email has been processed by SmoothZap - www.smoothwall.net

John, I think that Ajax is the way to go (I can use it for many more things than just this one item), however, I know nothing about Ajax (up until two days ago), but I did buy my first Ajax book two days ago (Ajax Your Visual Blueprint for creating rich Internet applications) and I am learning. I have been curious about Ajax for a while, and I now have a good excuse to jump into it. I also received my copy of JavaScript Bible 6e a few days ago and between the two books I am getting a good understanding of how Ajax works and how to implement a solution, I should have a solution to my problem soon. I will provide the solution I come up with when I implement it.

Thank you for your help.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275519
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Calling a Coldfusion Variable From a .js File
First, I want to reiterate an AJAX solution is probably best. However, if AJAX is out of the question a secure hash WILL work. Let me clarify that...

1. CFC generates a CAPTCHA (EX: ABC123)
2. CFC hashes the CAPTCHA (EX: A6B7D8991A)
3. CF sends the HTTP response with the hash and a JShash() method.
4. Upon submit (or whatever event desired) JSHash is called passing user_input_CAPTCHA.
5. JSHash returns a hash of user_input_CAPTCHA and it is compared to the CAPTCHA hash (EX: A6B7D8991A) as sent by the CFC.
6a. If they match, post the form to the server (user_input_CAPTCHA is sent to the server)
6b. If they don't match, tell the user to try again. (goto 4)
7. CF can hash form.user_input_CAPTCHA and verify it again.

a. The unhashed CAPTCHA is never sent to the browser.
b. The hashed CAPTCHA is never sent to the server.
c. Considerable computing power could be used to dehash the hash so that it could be input into the form, thereby breaking CAPTCHA. But if a spammer has that much time and expertise they are going to break your system anyway. For that matter the spammer should move to hacking if they have such a skill set.

It is quite a bit to go through, but if AJAX is not an option a hash will work.

-John

A secure hash might be what the doctor ordered. CF could send a hashed version of the answer then you could run js code to hash the user's input before the compare.

I haven't read the whole thread, but if you send the hash to the browser, anybody could just see the hash and ensure that gets sent again to the server when appropriate.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

John, I think that Ajax is the way to go (I can use it for many more things than just this one item), however, I know nothing about Ajax (up until two days ago), but I did buy my first Ajax book two days ago (Ajax Your Visual Blueprint for creating rich Internet applications) and I am learning. I have been curious about Ajax for a while, and I now have a good excuse to jump into it. I also received my copy of JavaScript Bible 6e a few days ago and between the two books I am getting a good understanding of how Ajax works and how to implement a solution, I should have a solution to my problem soon. I will provide the solution I come up with when I implement it.

Thank you for your help.

OFF TOPIC - I made a post a few days ago (http://www.houseoffusion.com/groups/CF-Talk/thread.cfm/threadid:51237#275201) and it did not appear until today. Anyone ever have that happen to them, and do you know why it happens? I thought the same thing happened to my last post (failure to be submitted) so I submitted it a second time and now there is a duplicate post (http://www.houseoffusion.com/groups/CF-Talk/thread.cfm/threadid:51237#275521). I had done a refresh of my screen after about 30 seconds and the post did not show up, so I submitted it a second time.
Re: Calling a Coldfusion Variable From a .js File
First, I want to reiterate an AJAX solution is probably best. However, if AJAX is out of the question a secure hash WILL work. Let me clarify that...

1. CFC generates a CAPTCHA (EX: ABC123)
2. CFC hashes the CAPTCHA (EX: A6B7D8991A)
3. CF sends the HTTP response with the hash and a JShash() method.
4. Upon submit (or whatever event desired) JSHash is called passing user_input_CAPTCHA.
5. JSHash returns a hash of user_input_CAPTCHA and it is compared to the CAPTCHA hash (EX: A6B7D8991A) as sent by the CFC.
6a. If they match, post the form to the server (user_input_CAPTCHA is sent to the server)
6b. If they don't match, tell the user to try again. (goto 4)
7. CF can hash form.user_input_CAPTCHA and verify it again.

a. The unhashed CAPTCHA is never sent to the browser.
b. The hashed CAPTCHA is never sent to the server.
c. Considerable computing power could be used to dehash the hash so that it could be input into the form, thereby breaking CAPTCHA. But if a spammer has that much time and expertise they are going to break your system anyway. For that matter the spammer should move to hacking if they have such a skill set.

It is quite a bit to go through, but if AJAX is not an option a hash will work.

-John

A secure hash might be what the doctor ordered. CF could send a hashed version of the answer then you could run js code to hash the user's input before the compare.

I haven't read the whole thread, but if you send the hash to the browser, anybody could just see the hash and ensure that gets sent again to the server when appropriate.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Re: Calling a Coldfusion Variable From a .js File
A secure hash might be what the doctor ordered. CF could send a hashed version of the answer then you could run js code to hash the user's input before the compare.

I haven't read the whole thread, but if you send the hash to the browser, anybody could just see the hash and ensure that gets sent again to the server when appropriate.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Yes, that crossed my mind. I thought that would work, but I quickly realized that you still have the answer in the page code, only in a hashed format, so a bot sends the hash and wallah the CAPTCHA is broken.

I looked into AJAX this morning. I found an online tutorial and now have a little understanding of how it works, but as I was going over the tutorial, it dawned on me, since security is the reason for what I am trying to do, I should send a hashed version (of the answer), to the external .js file. I could create a hashed version of the user's response and I would have everything I need to check the answer.

OR I could just check the answer on the server, yes extra steps would be involved and the user would have to wait a little longer, but I wouldn't have the security issues. Since I created the CAPTCHA in a cfc file, the answer never left the server, and if I send the user's response to the server, well I am able to forgo all the transmitting and receiving of sensitive data over the internet. I think this is what Andrew said to do, which makes sense to me.
Re: Calling a Coldfusion Variable From a .js File
A secure hash might be what the doctor ordered. CF could send a hashed version of the answer then you could run js code to hash the user's input before the compare. Here is one site that has some JS hash algorithms. http://pajhome.org.uk/crypt/md5/ The only problem is you will need to analyze the JS code and create a CF counterpart. It would take a bit of work on your part, but I think outside of an Ajax solution it is your best bet.

You will need to explain more on what you want to do, if you are processing the page at runtime the #variable# will still work. However if it is already processed and sitting on the client you will need to let us know what you want to do, programs like DWR, ajaxCFC and CFJsonService all allow for information to be returned back to the client to then do what you want to do. But your question is not specific enough to help you.

On 4/13/07, Byte Me [EMAIL PROTECTED] wrote:
Does anyone know how to call a Coldfusion variable from a .js file, without converting the variable in a .cfm file?

Hi Andrew, I have a form that has a CAPTCHA on it, the answer to the CAPTCHA is stored in a CF SESSION variable. I use JavaScript to check the form contents being submitted, which (now includes a CAPTCHA challenge). If I convert the answer to js format (in the form), and then call it from the external .js file, that will work fine, but the problem is, I made the answer available to any bots, because it is now in the source code of the form. What I am trying to do is get the contents of the SESSION variable into the .js file, without compromising the answer. I think however it may make more sense for me to simply have the challenge in a separate template (that the user must go through first), before allowing him to access the form.

John, I realize I misunderstood what you said. I see what you mean and that is the same conclusion I came to. I think I will try out what you said and also try the server side checking.
Re: Calling a Coldfusion Variable From a .js File
If you don't want to write out the variable into JS from within the .cfm template, you'll need to use AJAX to get the value instead.

On 4/13/07, Byte Me [EMAIL PROTECTED] wrote:
Does anyone know how to call a Coldfusion variable from a .js file, without converting the variable in a .cfm file?

--
mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/
Re: Calling a Coldfusion Variable From a .js File
You will need to explain more on what you want to do, if you are processing the page at runtime the #variable# will still work. However if it is already processed and sitting on the client you will need to let us know what you want to do, programs like DWR, ajaxCFC and CFJsonService all allow for information to be returned back to the client to then do what you want to do. But your question is not specific enough to help you.

On 4/13/07, Byte Me [EMAIL PROTECTED] wrote:
Does anyone know how to call a Coldfusion variable from a .js file, without converting the variable in a .cfm file?
Re: Calling a Coldfusion Variable From a .js File
You will need to explain more on what you want to do, if you are processing the page at runtime the #variable# will still work. However if it is already processed and sitting on the client you will need to let us know what you want to do, programs like DWR, ajaxCFC and CFJsonService all allow for information to be returned back to the client to then do what you want to do. But your question is not specific enough to help you.

On 4/13/07, Byte Me [EMAIL PROTECTED] wrote:
Does anyone know how to call a Coldfusion variable from a .js file, without converting the variable in a .cfm file?

Hi Andrew, I have a form that has a CAPTCHA on it, the answer to the CAPTCHA is stored in a CF SESSION variable. I use JavaScript to check the form contents being submitted, which (now includes a CAPTCHA challenge). If I convert the answer to js format (in the form), and then call it from the external .js file, that will work fine, but the problem is, I made the answer available to any bots, because it is now in the source code of the form. What I am trying to do is get the contents of the SESSION variable into the .js file, without compromising the answer. I think however it may make more sense for me to simply have the challenge in a separate template (that the user must go through first), before allowing him to access the form.
Re: Calling a Coldfusion Variable From a .js File
I have a form that has a CAPTCHA on it, the answer to the CAPTCHA is stored in a CF SESSION variable. I use JavaScript to check the form contents being submitted, which (now includes a CAPTCHA challenge). If I convert the answer to js format (in the form), and then call it from the external .js file, that will work fine, but the problem is, I made the answer available to any bots, because it is now in the source code of the form. What I am trying to do is get the contents of the SESSION variable into the .js file, without compromising the answer. I think however it may make more sense for me to simply have the challenge in a separate template (that the user must go through first), before allowing him to access the form.

What I might suggest, instead, is have your javascript check to make sure that the captcha field is not empty:

    function checkCaptchaExists(){
        // Only checks that something was typed; the answer is validated on the server.
        if (document.getElementById('captcha_text').value != '' ){
            return true;
        }
        else{
            return false;
        }
    }

Then you'll have your form post actions validate your captcha text against the session variable. (i.e. - <cfif form.captcha_text EQ session.captcha_text></cfif>)

There are ways (like configuring your server to make Coldfusion process javascript pages) that you could get your session variables in your javascript file, but there are many more reasons that you would not want to do so - one big one being the way most browsers cache javascript files.

Option B, if you really want to do it through javascript is to change the extension of your javascript file to .cfm. If you do that, I would suggest only putting the function in for the captcha, though as once you make it a .cfm file, browsers will not cache the contents and will reload any scripts with a .cfm extension on every page request.

HTH,
Jon
Re: Calling a Coldfusion Variable From a .js File
A secure hash might be what the doctor ordered. CF could send a hashed version of the answer then you could run js code to hash the user's input before the compare. Here is one site that has some JS hash algorithms. http://pajhome.org.uk/crypt/md5/ The only problem is you will need to analyze the JS code and create a CF counterpart. It would take a bit of work on your part, but I think outside of an Ajax solution it is your best bet.

You will need to explain more on what you want to do, if you are processing the page at runtime the #variable# will still work. However if it is already processed and sitting on the client you will need to let us know what you want to do, programs like DWR, ajaxCFC and CFJsonService all allow for information to be returned back to the client to then do what you want to do. But your question is not specific enough to help you.

On 4/13/07, Byte Me [EMAIL PROTECTED] wrote:
Does anyone know how to call a Coldfusion variable from a .js file, without converting the variable in a .cfm file?

Hi Andrew, I have a form that has a CAPTCHA on it, the answer to the CAPTCHA is stored in a CF SESSION variable. I use JavaScript to check the form contents being submitted, which (now includes a CAPTCHA challenge). If I convert the answer to js format (in the form), and then call it from the external .js file, that will work fine, but the problem is, I made the answer available to any bots, because it is now in the source code of the form. What I am trying to do is get the contents of the SESSION variable into the .js file, without compromising the answer. I think however it may make more sense for me to simply have the challenge in a separate template (that the user must go through first), before allowing him to access the form.
RE: Calling a Coldfusion Variable From a .js File
A secure hash might be what the doctor ordered. CF could send a hashed version of the answer then you could run js code to hash the user's input before the compare.

I haven't read the whole thread, but if you send the hash to the browser, anybody could just see the hash and ensure that gets sent again to the server when appropriate.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Re: Calling a Coldfusion Variable From a .js File
In this case try AJAX. You can fire off an event to send the CAPTCHA string to a processing template, compare the sent string to the session variable server-side and send back a true or false result.

On 4/14/07, Byte Me [EMAIL PROTECTED] wrote:
I have a form that has a CAPTCHA on it, the answer to the CAPTCHA is stored in a CF SESSION variable. I use JavaScript to check the form contents being submitted, which (now includes a CAPTCHA challenge). If I convert the answer to js format (in the form), and then call it from the external .js file, that will work fine, but the problem is, I made the answer available to any bots, because it is now in the source code of the form. What I am trying to do is get the contents of the SESSION variable into the .js file, without compromising the answer. I think however it may make more sense for me to simply have the challenge in a separate template (that the user must go through first), before allowing him to access the form.

--
mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/
Re: Calling a Coldfusion Variable From a .js File
I agree with James. The best thing is to validate server side, whether it be another post to the server or via an Ajax call.

On 4/14/07, James Holmes [EMAIL PROTECTED] wrote:
In this case try AJAX. You can fire off an event to send the CAPTCHA string to a processing template, compare the sent string to the session variable server-side and send back a true or false result.

On 4/14/07, Byte Me [EMAIL PROTECTED] wrote:
I have a form that has a CAPTCHA on it, the answer to the CAPTCHA is stored in a CF SESSION variable. I use JavaScript to check the form contents being submitted, which (now includes a CAPTCHA challenge). If I convert the answer to js format (in the form), and then call it from the external .js file, that will work fine, but the problem is, I made the answer available to any bots, because it is now in the source code of the form. What I am trying to do is get the contents of the SESSION variable into the .js file, without compromising the answer. I think however it may make more sense for me to simply have the challenge in a separate template (that the user must go through first), before allowing him to access the form.

--
mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/
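
The server-side check the thread converges on, as an added example that is not part of any post: the AJAX call returns only true or false, and the final form post trusts only state held in the session. It is written in JavaScript as a model of the CF processing template; the Map standing in for the SESSION scope and every function, field and URL name are assumptions.

```javascript
// Added example, not code from the thread. The Map stands in for the
// ColdFusion SESSION scope; all names below are hypothetical.
const MAX_ATTEMPTS = 3;
const sessions = new Map();

// CF's EQ operator ignores case, so the comparison here does too.
const normalize = (s) => String(s ?? '').trim().toUpperCase();

// Called when the form page is rendered. `answer` comes from the CAPTCHA
// generator (the CFC in the thread) and is stored server-side only.
function issueChallenge(sessionId, answer) {
  const expected = normalize(answer);
  if (!expected) throw new Error('empty CAPTCHA answer');
  sessions.set(sessionId, { answer: expected, attempts: 0, passed: false });
  // What reaches the browser: the image, never the answer or a hash of it.
  return { imageUrl: '/captcha-image' }; // hypothetical URL
}

// The processing template behind the AJAX call: returns only true/false.
function checkCaptcha(sessionId, userInput) {
  const s = sessions.get(sessionId);
  if (!s || s.answer === null) return false;        // no live challenge
  if (normalize(userInput) === s.answer) {
    s.passed = true;
    s.answer = null;                                // each answer is single-use
    return true;
  }
  s.attempts += 1;
  if (s.attempts >= MAX_ATTEMPTS) s.answer = null;  // force a fresh challenge
  return false;
}

// The real form post. It trusts only the flag set by checkCaptcha, so a
// client that skips the page's JavaScript and posts directly is rejected.
function submitForm(sessionId, fields) {
  const s = sessions.get(sessionId);
  if (!s || !s.passed) return { accepted: false, reason: 'captcha not solved' };
  s.passed = false;                                 // one solve, one submission
  return { accepted: true, saved: { comment: fields.comment } };
}

// Constructed walk-through using the thread's sample answer ABC123.
function demo() {
  issueChallenge('sess-1', 'ABC123');
  return [
    // A client-supplied "I passed" field is ignored.
    submitForm('sess-1', { comment: 'spam', captchaOk: 'true' }).accepted,
    checkCaptcha('sess-1', 'WRONG1'),
    checkCaptcha('sess-1', 'abc123'),
    submitForm('sess-1', { comment: 'hello' }).accepted,
    // The solved flag was consumed by the previous submission.
    submitForm('sess-1', { comment: 'again' }).accepted,
  ];
}

console.log(demo());
```

Because nothing derived from the answer is sent to the browser, the page source holds no value that can be sent back in place of the user's input.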