Whoops. Try this link if the one above doesn't work. https://groups.google.com/group/openbd/browse_thread/thread/67659903b6048510/9c8d27e798a82f5d
On Mar 14, 11:02 am, "Aaron J. White" <[email protected]> wrote: > Hey Guys, > > Assuming you are not using sessions. If you have a captcha on a html > form like the one mentioned by Stan in the conversation here (using a > hashed value in a hidden > input):https://groups.google.com/group/openbd/browse_thread/thread/67659903b... > > What stops a malicious person from saving your form as a .htm file on > their computer and submit the same form every time? Your action page > is just looking to see if hash(user_answer) EQ prehashed_answer. It > doesn't care if the same value has been submitted a thousand times or > where it comes from. Originally I thought Stan's answer was great and > I was thinking about implementing it in a production environment > instead of sessions, but a coworker brought this point up to me and I > didn't have an answer. > The only solution I could think of is somehow adding an encrypted > timestamp to the form, but that may not be any better. > > I can easily implement sessions if it's the only way. However, > anonymous sessions for a few simple forms on a public facing site seem > like overkill to me. > Anyone have experience implementing a captcha without sessions? > Suggestions? > > Thanks! -- online documentation: http://openbd.org/manual/ google+ hints/tips: https://plus.google.com/115990347459711259462 http://groups.google.com/group/openbd?hl=en
