CAPTCHA options

[jimoblak]

If I set my form to only accept input from itself via a page referrer check, is there a need for CAPTCHA image to prevent form spamming?

Or from the other way around, how would someone spoof the referring/requsting page to make it look like the original form?

I'm lost on the need for CAPTCHA if a form script ca be set to only process its own referral.

 

[sleipnir214]

What will your script do when it encounters an input from a web browser that does not send referer logging to your server? In Opera, for example, I can toggle referer logging with only two keystrokes -- and I generally leave it set to "off".



Want the best answers? Ask the best questions! TANSTAAFL!

 

[jimoblak]

The script will die without referrer input. It is designed for a small set of users that will not be tinkering with their browser settings. They will also be connecting from a single IP address for each session. I am trying to make this a painless as possible for the end user.

I guess I am wondering how the referring page and IP address could be faked to abuse a PHP script that checks for these.

 

[sleipnir214]

Well, as I have pointed out, the referring page value is completely arbitrary. All a hostile program would have to do is send the right HTTP header.



Want the best answers? Ask the best questions! TANSTAAFL!