Hi Wez:

On Tue, Jul 20, 2004 at 08:17:04PM +0100, Wez Furlong wrote:
> I know this is just a quick measure, but isn't the whole idea to not
> emit the code in plain text on the form?  It's really very easy to
> scrape it out.

Yes, it is simple to scrape.  But, I suspect that the problem is coming 
from bots making direct POST's rather than doing a page view and then 
submitting therefrom.  Of course, I could be wrong.  Even if I'm right 
now, nothing is preventing someone from making a smarter bot.

Hmm... guess it would be a good idea to delete the CAPTCHA value from the 
session data after the form is submitted to avoid multiple submissions 
using the same value.

Thanks,

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to