On Tue, 24 Aug 2004, Jose Alves de Castro wrote:
One thing that could be done was to have the page with the form generate the hidden field in a way that only the script could validate it...
But that's exactly the problem I'm talking about -- what would that solve? The machinery to do that well would be complicated & bug-prone, and for what? It doesn't seem to solve any real problem.
If you really want to keep out robots, try doing the randomly generated, distorted text images that some web sites are using these days. Note that I'm not actually sure how to implement one of these things in Perl, but I'm sure it can be done, and it's the only anti-robots solution I've seen that seems to make any sense at all -- it's not *that* complicated, it is easy to understand, and it should be highly effective.
But that said, it's still much more complicated than just validating the form data and accepting that with some degree of faith. For most things, I could live with that just fine; if you really need to be sure and you really need to keep people on a fixed path, then think about bringing in a more complex solution to the problem, but don't do that if you don't need to.
-- Chris Devers
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
