> > First, I want to reiterate an AJAX solution is probably best. However,
> > if AJAX is out of the question a secure hash WILL work. Let me clarify
> > that...
> >
> > 1. CFC generates a CAPTCHA (EX: ABC123)
> > 2. CFC hashes the CAPTCHA (EX: A6B7D8991A)
> > 3. CF sends the HTTP response with the hash and a JShash() method.
> > 4. Upon submit (or whatever event desired) JSHash is called passing
> >    user_input_CAPTCHA.
> > 5. JSHash returns a hash of user_input_CAPTCHA and it is compared to
> >    the CAPTCHA hash (EX: A6B7D8991A) as sent by the CFC.
> > 6a. If they match, post the form to the server (user_input_CAPTCHA is
> >     sent to the server)
> > 6b. If they don't match, tell the user to try again. (goto 4)
> > 7. CF can hash form.user_input_CAPTCHA and verify it again.
> >
> > a. The unhashed CAPTCHA is never sent to the browser.
> > b. The hashed CAPTCHA is never sent to the server.
> > c. Considerable computing power could be used to dehash the hash so
> >    that it could be input into the form and thereby breaking CAPTCHA.
> >    But if a spammer has that much time and expertise they are going to
> >    break your system anyway. For that matter the spammer should move to
> >    hacking if they have such a skill set.
> >
> > It is quite a bit to go through, but if AJAX is not an option a hash
> > will work.
> >
> > -John
> >
> > >> A secure hash might be what the doctor ordered. CF could send
> > >> a hashed version of the "answer" then you could run js code
> > >> to hash the users input before the compare.
> > >
> > >I haven't read the whole thread, but if you send the hash to the browser,
> > >anybody could just see the hash and ensure that gets sent again to the
> > >server when appropriate.
> > >
> > >Dave Watts, CTO, Fig Leaf Software
> > >http://www.figleaf.com/
>
> John,
> I think that Ajax is the way to go (I can use it for many more things
> than just this one item), however, I know nothing about Ajax (up until
> two days ago), but I did buy my first Ajax book two days ago (Ajax
> Your Visual Blueprint for creating rich Internet applications) and I
> am learning. I have been curious about Ajax for a while, and I now
> have a good excuse to jump into it. I also received my copy of
> JavaScript Bible 6e a few days ago and between the two books I am
> getting a good understanding of how Ajax works and how to implement a
> solution, I should have a solution to my problem soon. I will provide
> the solution I come up with when I implement it. Thank you for your
> help.

OFF TOPIC - I made a post a few days ago (http://www.houseoffusion.com/groups/CF-Talk/thread.cfm/threadid:51237#275201) and it did not appear until today. Anyone ever have that happen to them, and do you know why it happens? I thought the same thing happened to my last post (failure to be submitted) so I submitted it a second time and now there is a duplicate post (http://www.houseoffusion.com/groups/CF-Talk/thread.cfm/threadid:51237#275521). I had done a refresh of my screen after about 30 seconds and the post did not show up, so I submitted it a second time.
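
Added example, not part of the thread and not any poster's code: a server-side variant of the step 7 check in which the value sent to the browser is a keyed HMAC bound to a nonce and an expiry instead of a bare hash, so a value captured from the page cannot simply be sent again, which is the concern raised in the quoted reply. The key handling, lifetime, in-memory nonce set and the names `issueChallenge` and `verifyChallenge` are assumptions for illustration; because the browser does not hold the key, the client-side pre-check of steps 4 to 6 is not available in this variant.

```javascript
// Added example, not code from the thread. Names, key handling and TTL are assumptions.
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

const SECRET = randomBytes(32);      // assumption: server-only key, never sent to the browser
const TTL_MS = 2 * 60 * 1000;        // assumption: challenge lifetime of two minutes
const usedNonces = new Set();        // assumption: in-memory store; use a shared cache in production

// MAC over nonce, expiry and the normalised answer; cannot be recomputed without SECRET.
function tag(nonce, expires, answer) {
  return createHmac('sha256', SECRET)
    .update(`${nonce}|${expires}|${String(answer).toUpperCase()}`)
    .digest();
}

// Analogue of steps 1-3: the answer appears only in the CAPTCHA image;
// the form carries nonce, expiry and MAC as hidden fields.
function issueChallenge(answer, now = Date.now()) {
  const nonce = randomBytes(16).toString('hex');
  const expires = now + TTL_MS;
  return { nonce, expires, mac: tag(nonce, expires, answer).toString('hex') };
}

// Analogue of step 7: the server decides. Returns 'ok', 'wrong', 'expired' or 'replayed'.
function verifyChallenge(token, userInput, now = Date.now()) {
  const { nonce, expires, mac } = token;
  if (now > Number(expires)) return 'expired';
  if (usedNonces.has(nonce)) return 'replayed';
  usedNonces.add(nonce);             // burn on first attempt: one guess per challenge
  const supplied = Buffer.from(String(mac), 'hex');
  const expected = tag(nonce, expires, userInput);
  const match = supplied.length === expected.length && timingSafeEqual(supplied, expected);
  return match ? 'ok' : 'wrong';
}
```

A failed guess consumes the nonce as well, so the form has to be re-rendered with a fresh challenge after each wrong answer.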

