I agree with James, The best thing is to validate server side, whether it be anothe post to the server or via an Ajax call.
On 4/14/07, James Holmes <[EMAIL PROTECTED]> wrote: > > In this case try AJAX. You can fire off an event to send the CAPTCHA > string to a processing template, compare the sent string to the > session variable sever-side and send back a true or false result. > > On 4/14/07, Byte Me <[EMAIL PROTECTED]> wrote: > > > I have a form that has a CAPTCHA on it, the answer to the CAPTCHA is > stored in a CF SESSION variable. I use JavaScript to check the form contents > being submitted, which (now includes a CAPTCHA challenge). If I convert the > answer to js format(in the form), and then call it from the external .js > file, that will work fine, but the problem is, I made the answer available > to any bots, because it is now in the source code of the form. What I am > trying to do is get the contents of the SESSION variable into the .js file, > without compromising the answer. I think however it may make more sense for > me to simply have the challenge in a separate template(that the user must go > through first), before allowing him access the form. > > -- > mxAjax / CFAjax docs and other useful articles: > http://www.bifrost.com.au/blog/ > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275194 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
