6 Replies Latest reply: Jul 17, 2014 7:57 AM by tribule RSS

    Implementing CAPTCHA

    userCold9 Community Member

      Hi,

       

      Currently, the application is using Cold Fusion 9. Soon to upgrade to Cold Fusion 10 or 11.

       

      I would like to implement CAPTCHA on the login page.

       

      Is there any information on how to implement CAPTCHA in Cold Fusion?

       

       

      Thanks,

       

       

      Mike

        • 1. Re: Implementing CAPTCHA
          BKBK MVP

          You implement Captcha in Coldfusion using the cfimage tag or image functions. For more information, search the web for the words cfimage, captcha.

           

          Here is a simple example to convey the flavour:

           

          <cfimage action="captcha" text="a1%b2c">

          • 2. Re: Implementing CAPTCHA
            userCold9 Community Member

            How is the value entered in the text box matches the image shown on the page?

             

             

            Thanks,

             

             

            Mike

            • 3. Re: Implementing CAPTCHA
              BKBK MVP

              Raymond Camden's Captcha example answers any questions you may have.

              • 4. Re: Implementing CAPTCHA
                tribule Community Member

                We use simple sum captchas now e.g. "what is X+Y". Saves using cfimage tags. We find this much easier.

                • 5. Re: Implementing CAPTCHA
                  Endboss_ZA Community Member

                  tribule wrote:

                   

                  We use simple sum captchas now e.g. "what is X+Y". Saves using cfimage tags. We find this much easier.

                   

                  This is a far better strategy than the Captcha itself.

                   

                  Alternatively you can use a hidden field and not submit the form if it has any data in it (as bots generally fill in everything, hidden or not)

                  • 6. Re: Implementing CAPTCHA
                    tribule Community Member

                    I have found that bots overcome hidden fields and don't forget bots can submit to remote pages in isolation, so you should always check for submissions for referrers or IP addresses as  best practice as well. The best sort of summation (x+y) captcha is to create two random number variables  (x and y), add them together and perhaps also add another random value on to to this, also kept in memory, perhaps a application variable known only to the server, encode the whole sum (base 64 would be ok to overcome most bots, but you could hash it with better encryption functions in CF if you wanted). Then when user submits the answer, you decrypt your answer with the application variable key, and then compare them. If they match, the user is most likely human! Image captchas are a pain since they are often so complex they drive users mad.