> Well, CAPTCHA ( http://en.wikipedia.org/wiki/Captcha) is a > pretty neat solution ( > http://www.pear.php.net/package/Text_CAPTCHA ). You can also > generate random numbers (www.php.net/rand > www.php.net/mt_rand) and combining it with this PEAR package > http://www.pear.php.net/package/Numbers_Words which is also a > good solution. The pass-string if I can call it so is best to > be kept as a session variable, since it's stored on the > server-side and the user can't view it. Storing its hash in a > cookie can be also pretty fine, but storing it in a GET > variable is more than stupid.
http://phpsec.org/articles/2005/text-captcha.html is a good primer on how to use CAPTCHA effectively HTH, Mikey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
