Well it is still vulnerable to using an embedded instance of MSIE to go
to site and fill in the data - IE will accept the cookies, process
javascript, click on the button... do everything a real user would. One
way to foil this embedded setup is to log mouse movements and keyboard
events with jquery and send that as well, then check on server side, but
I don't know if that would play well with mobile devices.
My 2 cents, anyway :)
On 4/26/2012 16:59, Jacob Kruger wrote:
Opinions/thoughts?:
http://docs.jquery.com/Tutorials:Safer_Contact_Forms_Without_CAPTCHAs
Basically it pulls the server time in background using an ajax call, and implements an MD5 encrypted value in a hidden field, and then you can double check the timing of form input to sort of verify that it was real time, and not a form of automated process, by a spambot/robot as such.
Only real issue here is it would require user to have cookies and javascript enabled, but anyway..?
--
http://www.rbisoftware.com/outsourcing.php
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
