I quite often use captha codes to secure forms. Until now I check the user-entered captcha solution only on the server side for obvious reasons. For all other form fields I do a javascript validation on the client since this faster and more user-friendly. (Of course I do a second check on the server-side). But for the captcha field I just checked if it's filled out.
My question: Would it be safe to do a client-side JavaScript validation by using the hashkey (e.g. MD5) of the captcha-code? Doing it with the hashkey wouldn't reveal the captcha code itself to bots and should be quite safe, right? But maybe I am completly wrong with this idea... Thank you for your insights!
Aucun commentaire:
Enregistrer un commentaire