First, I want to reiterate an AJAX solution is probably best. However, if AJAX 
is out of the question a secure hash WILL work. Let me clarify that...

1. CFC generates a CAPTCHA (EX: ABC123)
2. CFC hashes the CAPTCHA (EX: A6B7D8991A)
3. CF sends the HTTP response with the hash and a JSHash() method.
4. Upon submit (or whatever event desired) JSHash is called passing 
user_input_CAPTCHA.
5. JSHash returns a hash of user_input_CAPTCHA and it is compared to the 
CAPTCHA hash (EX: A6B7D8991A) as sent by the CFC.
6a. If they match, post the form to the server (user_input_CAPTCHA is sent to 
the server)
6b. If they don't match, tell the user to try again. (goto 4)
7. CF can hash form.user_input_CAPTCHA and verify it again.

a. The unhashed CAPTCHA is never sent to the browser.
b. The hashed CAPTCHA is never sent to the server.
c. Considerable computing power could be used to dehash the hash so that it 
could be input into the form, thereby breaking CAPTCHA. But if a spammer 
has that much time and expertise they are going to break your system anyway. 
For that matter the spammer should move to hacking if they have such a skill 
set.

It is quite a bit to go through, but if AJAX is not an option a hash will work.

-John

>> A secure hash might be what the doctor ordered. CF could send 
>> a hashed version of the "answer" then you could run js code 
>> to hash the user's input before the compare.
>
>I haven't read the whole thread, but if you send the hash to the browser,
>anybody could just see the hash and ensure that gets sent again to the
>server when appropriate.
>
>Dave Watts, CTO, Fig Leaf Software
>http://www.figleaf.com/

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275357
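
The seven steps from the message above, modelled end to end as an added Node.js example (not code from the thread or from ColdFusion). The `Map` stands in for the CF session scope, and the function names, the per-challenge salt and the single-use rule are assumptions of this sketch. The server in step 7 compares only against its own stored copy, so a hash copied from the page and sent back is never consulted.

```javascript
// Added example: Node.js model of the hash-based CAPTCHA flow described above.
// All names are hypothetical; the Map stands in for the ColdFusion session scope.
const crypto = require('crypto');

const sessions = new Map(); // sessionId -> { salt, hash }, kept server-side only

// Shared hash routine: what JSHash() would compute in the browser.
function saltedHash(salt, text) {
  return crypto.createHash('sha256').update(salt + ':' + text).digest('hex');
}

// Steps 1-3: generate the CAPTCHA answer, store salt + hash in the session,
// and send only salt + hash to the browser (never the answer itself).
function issueChallenge(sessionId, answer) {
  const salt = crypto.randomBytes(16).toString('hex'); // assumption: fresh salt per challenge
  const hash = saltedHash(salt, answer);
  sessions.set(sessionId, { salt, hash });
  return { salt, hash };
}

// Steps 4-6: browser-side comparison. This only saves a round trip for honest
// users; it is not a security control because the client can skip it.
function clientCheck(challenge, userInput) {
  return saltedHash(challenge.salt, userInput) === challenge.hash;
}

// Step 7: server re-hashes form.user_input_CAPTCHA and compares it with the
// hash it stored itself. Nothing the client says about the hash is trusted.
function serverVerify(sessionId, userInput) {
  const stored = sessions.get(sessionId);
  if (!stored) return false;      // no challenge issued, or already used
  sessions.delete(sessionId);     // single use: one attempt per challenge
  const got = Buffer.from(saltedHash(stored.salt, userInput), 'hex');
  const want = Buffer.from(stored.hash, 'hex');
  return crypto.timingSafeEqual(got, want); // constant-time comparison
}
```
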