阿贾克斯CAPTCHA验证 [英] Ajax CAPTCHA validation

问题描述

是否合理（或安全）通过AJAX验证验证码？ 我想放置一个注册表格，没有任何页面重载。是否安全？ （我使用的验证[1]和表格插件）

Is it reasonable (or secure) to validate CAPTCHA via ajax? I want place a sign up form without any page reload. Is it secure? (I am using Validation[1] and Form plugins)

[1] http://bassistance.de/jquery-plugins/jquery-插件验证/

推荐答案

您不能依赖于JavaScript，以确保任何事情。您可以使用它作为第一个通，但你仍然需要做验证码验证服务器上（因为它似乎你打算做什么）。例如，请参见：<一href="http://www.howtocreate.co.uk/tutorials/javascript/security">http://www.howtocreate.co.uk/tutorials/javascript/security

You cannot rely on JavaScript to secure anything. You can use it as a first-pass, but you still need to do the captcha validation on the server (as it appears you are planning to do). For example, see: http://www.howtocreate.co.uk/tutorials/javascript/security

我的一个完整的AJAX溶液（无页面重载）关心的是，它可能会是可能的，用户绕过从POST靠背上的返回值，并继​​续将即使验证码是无效的。但是，你可以跟踪任何验证码失败的一个服务器会话，并在您的申请表格最后仔细检查结果，因为最终一切都将进行服务器端。如果验证码是永远有效的，那么你就必须拒绝注册，无论您从该客户端收到任何其他数据。

My concern with a full AJAX solution (no page reloads) is that it will likely be possible for a user to bypass the return value from the POST-back and continue going even if the captcha is invalid. But you can keep track of any captcha failure in a server session and double-check the result at the end of your sign up form, since eventually everything will be done server-side. If the captcha was never valid, then you would have to deny the signup regardless of any other data that you have received from that client.

这篇关于阿贾克斯CAPTCHA验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！