Hi Wez:
On Tue, Jul 20, 2004 at 08:17:04PM +0100, Wez Furlong wrote:
> I know this is just a quick measure, but isn't the whole idea to not
> emit the code in plain text on the form? It's really very easy to
> scrape it out.
Yes, it is simple to scrape. But, I suspect that the problem is coming
from bots making direct POST's rather than doing a page view and then
submitting therefrom. Of course, I could be wrong. Even if I'm right
now, nothing is preventing someone from making a smarter bot.
Hmm... guess it would be a good idea to delete the CAPTCHA value from the
session data after the form is submitted to avoid multiple submissions
using the same value.
Thanks,
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
