Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is it reasonable (or secure) to validate CAPTCHA via ajax?
I want place a sign up form without any page reload. Is it secure? (I am using Validation[1] and Form plugins)
[1] http://bassistance.de/jquery-plugins/jquery-plugin-validation/
You cannot rely on JavaScript to secure anything. You can use it as a first-pass, but you still need to do the captcha validation on the server (as it appears you are planning to do). For example, see: http://www.howtocreate.co.uk/tutorials/javascript/security
My concern with a full AJAX solution (no page reloads) is that it will likely be possible for a user to bypass the return value from the POST-back and continue going even if the captcha is invalid. But you can keep track of any captcha failure in a server session and double-check the result at the end of your sign up form, since eventually everything will be done server-side. If the captcha was never valid, then you would have to deny the signup regardless of any other data that you have received from that client.