>> A secure hash might be what the doctor ordered. CF could send
>> a hashed version of the "answer" then you could run js code
>> to hash the user's input before the compare.
>
>I haven't read the whole thread, but if you send the hash to the browser,
>anybody could just see the hash and ensure that gets sent again to the
>server when appropriate.
>
>Dave Watts, CTO, Fig Leaf Software
>http://www.figleaf.com/

Yes, that crossed my mind. I thought that would work, but I quickly realized that you still have the answer in the page code, only in a hashed format, so a bot sends the hash and voilà, the CAPTCHA is broken.

I looked into AJAX this morning. I found an online tutorial and now have a little understanding of how it works, but as I was going over the tutorial, it dawned on me: since security is the reason for what I am trying to do, I should send a hashed version (of the answer) to the external .js file. I could create a hashed version of the user's response and I would have everything I need to check the answer.

OR I could just check the answer on the server. Yes, extra steps would be involved and the user would have to wait a little longer, but I wouldn't have the security issues. Since I created the CAPTCHA in a cfc file, the answer never left the server, and if I send the user's response to the server, well, I am able to forgo all the transmitting and receiving of sensitive data over the internet. I think this is what Andrew said to do, which makes sense to me.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275200
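
The two designs weighed in this thread, side by side, as an added example that is not part of the original messages. It is written in JavaScript (Node.js) rather than ColdFusion; the function names, the in-memory `Map` standing in for the server's session scope, and the sample answers are all assumptions made for illustration.

```javascript
// Added example with constructed data; not code from the thread.
const { createHash, randomUUID } = require('node:crypto');

const norm = (s) => String(s).trim().toLowerCase();
const sha256 = (s) => createHash('sha256').update(norm(s)).digest('hex');

// Design 1: the hashed answer is embedded in the page.
// The server keeps no state, so it compares two client-supplied values.
function issueHashedChallenge(answer) {
  return { answerHash: sha256(answer) };            // visible in page source
}
function verifyHashedChallenge(form) {
  return sha256(form.response) === form.answerHash; // nothing ties this to the image shown
}

// Design 2: the answer stays on the server; the page carries an opaque id only.
const pending = new Map();                          // challengeId -> { answer, expires }
const TTL_MS = 5 * 60 * 1000;

function issueServerChallenge(answer, now = Date.now()) {
  const challengeId = randomUUID();
  pending.set(challengeId, { answer: norm(answer), expires: now + TTL_MS });
  return { challengeId };
}
function verifyServerChallenge(form, now = Date.now()) {
  const entry = pending.get(form.challengeId);
  pending.delete(form.challengeId);                 // single use, pass or fail
  if (!entry || now > entry.expires) return false;
  return norm(form.response) === entry.answer;
}

// One challenge solved once, then the same form fields submitted a second time.
function replayComparison() {
  const h = issueHashedChallenge('x7k2p');
  const hashedForm = { response: 'x7k2p', answerHash: h.answerHash };
  issueHashedChallenge('q9w3z');                    // a later page shows a new image
  const s = issueServerChallenge('x7k2p');
  const serverForm = { response: 'x7k2p', challengeId: s.challengeId };
  return {
    hashedFirst: verifyHashedChallenge(hashedForm),
    hashedReplay: verifyHashedChallenge(hashedForm), // still accepted
    serverFirst: verifyServerChallenge(serverForm),
    serverReplay: verifyServerChallenge(serverForm), // rejected: id already consumed
  };
}
```

The single-use delete and the expiry are what make the server-side version resistant to resubmission; keeping the answer in the session without either would still let one solved challenge be reused.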

