阿贾克斯CAPTCHA验证 [英] Ajax CAPTCHA validation
问题描述
是否合理(或安全)通过AJAX验证验证码? 我想放置一个注册表格,没有任何页面重载。是否安全? (我使用的验证[1]和表格插件)
Is it reasonable (or secure) to validate CAPTCHA via ajax? I want place a sign up form without any page reload. Is it secure? (I am using Validation[1] and Form plugins)
[1] http://bassistance.de/jquery-plugins/jquery-插件验证/
推荐答案
您不能依赖于JavaScript,以确保任何事情。您可以使用它作为第一个通,但你仍然需要做验证码验证服务器上(因为它似乎你打算做什么)。例如,请参见:<一href="http://www.howtocreate.co.uk/tutorials/javascript/security">http://www.howtocreate.co.uk/tutorials/javascript/security
You cannot rely on JavaScript to secure anything. You can use it as a first-pass, but you still need to do the captcha validation on the server (as it appears you are planning to do). For example, see: http://www.howtocreate.co.uk/tutorials/javascript/security
我的一个完整的AJAX溶液(无页面重载)关心的是,它可能会是可能的,用户绕过从POST靠背上的返回值,并继续将即使验证码是无效的。但是,你可以跟踪任何验证码失败的一个服务器会话,并在您的申请表格最后仔细检查结果,因为最终一切都将进行服务器端。如果验证码是永远有效的,那么你就必须拒绝注册,无论您从该客户端收到任何其他数据。
My concern with a full AJAX solution (no page reloads) is that it will likely be possible for a user to bypass the return value from the POST-back and continue going even if the captcha is invalid. But you can keep track of any captcha failure in a server session and double-check the result at the end of your sign up form, since eventually everything will be done server-side. If the captcha was never valid, then you would have to deny the signup regardless of any other data that you have received from that client.
这篇关于阿贾克斯CAPTCHA验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!