provide the correct word which is never passed to the form.
e.g.
Pass MyRandomNumber = 1234567 to obfuscater to get an image with the
word 'awwwYeah' cleverly hidden behind some garbage to make it hard to
decode.
Spider has no way of knowing the 'awwwYeah' piece since all the first
page has is the image and the random number.
Submit guess 'thisIsWhack' as the guess to the cfm page.
Obfuscater returns false since when the second obfuscater function
looks up the word for random number 1234567 it differs from the other
function value so it fails.
Which part of this would fail?
----- Original Message -----
From: Bryan F. Hogan <[EMAIL PROTECTED]>
Date: Wed, 16 Jun 2004 17:06:35 -0400
Subject: Re: cfmx and CAPTCHA
To: CF-Talk <[EMAIL PROTECTED]>
And of course the spider can read that text and pass it to the
validateEntry function and post to your form over, and over, and over again.
Anything stored in the page can be read and posted as if it were typed
in by the user.
Adam Howitt wrote:
> A web service called Obfuscater.cfc with 2 methods:
> 1. imageType getImage(String myRandomNumber)
> This uses cfcontent to create an image based on the random number,
> pick a word to use and send it back to the browser as an image.
> 2. boolean validateEntry(String myRandomNumber, String userGuess)
> Regens the same word from part 1 with myRandomNumber and compares the
> result to the userGuess and returns true or false.
>
> myRandomNumber is passed from page to page even as text since the
> decode logic is all kept in the validateEntry piece.
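The following is an added example, not code from either poster and not ColdFusion: a Python sketch of the stateless validateEntry design described in the thread, next to a variant in which the server issues each random number and accepts only one answer per number. The word list, the secret key, the `word_for` helper and the `ChallengeStore` class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

WORDS = ["awwwYeah", "thisIsWhack", "cfTalk", "obfuscate"]  # constructed word list
SECRET = b"constructed-demo-key"  # placeholder; a real deployment loads this from config


def word_for(number: str) -> str:
    """Deterministically map the random number to a word, as both thread methods do."""
    digest = hmac.new(SECRET, number.encode(), hashlib.sha256).digest()
    return WORDS[digest[0] % len(WORDS)]


def validate_entry_stateless(number: str, guess: str) -> bool:
    """The thread's validateEntry: regenerate the word and compare. Keeps no state."""
    return hmac.compare_digest(word_for(number).encode(), guess.encode())


class ChallengeStore:
    """Hardened variant: the server issues the number and accepts one answer per number."""

    def __init__(self, ttl_seconds: float = 120.0):
        self.ttl = ttl_seconds
        self._issued = {}  # number -> expiry time (monotonic seconds)

    def issue(self) -> str:
        number = str(secrets.randbelow(10**7)).zfill(7)
        self._issued[number] = time.monotonic() + self.ttl
        return number

    def validate_entry(self, number: str, guess: str) -> bool:
        # pop() consumes the challenge whether or not the guess is right,
        # so each issued number allows exactly one attempt.
        expiry = self._issued.pop(number, None)
        if expiry is None or time.monotonic() > expiry:
            return False
        return validate_entry_stateless(number, guess)
```

Because the stateless check depends only on its two arguments, the same number and word are accepted on every submission; the store rejects a number it did not issue, one that has expired, and one that has already been answered.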

