> CAPTCHA is virtually never the right solution. If > a simple CAPTCHA is sufficient to protect your form, > you're not securing something immensely valuable in > an attacker's eye.
I'll respectfully disagree. You also made a great point for using it while trying to break it down. If putting a CAPTCHA on the page is enough of a deterrent that a would-be attacker goes away, then it's served its purpose. If you're concerned that a visitor might have trouble, you can always make its use dynamic. The page can assume that the visitor is legitimate, and if something "fishy" is happening from a given IP or session ID, the system can activate the CAPTCHA as a basic line of defense. It's certainly not the be-all end-all security measure, but it's enough for most situations as a first line of defense. But getting back to the original question, it's a good way to verify that the form post is coming from your original form page and not some saved version hosted somewhere else if that is your goal. Depending on the situation, it may be overkill, or it might be just right. There are many tools in our bag, and I wouldn't be so quick to dismiss CAPTCHA for certain situations if it fits the bill. -- Justin Scott | GravityFree Member of the Technical Staff 1960 Stickney Point Road, Suite 210 Sarasota | FL | 34231 | 800.207.4431 941.927.7674 x115 | f 941.923.5429 www.GravityFree.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:320613 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
