Thought I'd share another one with you. Last year I saw a turorial posted on LinkedIn about how to create a captcha in ASP.NET. The turorial itself wasn't that bad but it made me laugh so hard because the writer thought of a neat way to input the desired captcha code to the handler that generated the image. Guess how? In the query string. That totally defeats its purpose. How on earth did he come up with that. So much for securing your form submission through captcha. Of course when I commented about it he didn't reply. I hope no one actually used that tutorial.

  • 0
    When I did mine in .net, I generated random pass phrase and generated an asp:Image object (with the random pass phrase & random image filters) on page load.
    The answer is encrypted in a hidden form element and validated on post back.
    It works well. :)
  • 0
    Wow...there's stupid and then there is special. That is just special.
Add Comment