Women in Technology

Hear us Roar


Article:
  Securing Web Forms with PEAR's Text_CAPTCHA
Subject:   Using $_SESSION variables
Date:   2006-09-03 20:38:21
From:   Lee73
Isn't using session variables a gigantic achille's heal? It's trivial to read this with Curl (or whatever) and automate away.


I wrote an implementation recently that wrote a captcha with values 'XYZ', a hidden field with code 'ABC'. Simultaneously write to a table with two fields: ABC and XYZ. The only way the user can read XYZ is through viewing the image. It's more overhead, but less easily bypassed.

Recommended for You
 
Sign up today to receive special discounts,
product alerts, and news from O'Reilly.
Privacy Policy >
View Sample Newsletter >