The value is encrypted in the form. The secret key, used to either decrypt or hash the value, is on the server, and not in the form.
My application does not have the concept of logged in users. mike jonknee wrote: > > How would that help if the "secret" value was in the form already? > Bots and what not would see it all the same. If you want to stop spam > posts (which is what I'm assuming you're up to) you can limit comments > to logged in users, run the data through something like Akismet, use a > CAPTCHA, etc. But obfuscating the ID is not going to accomplish much-- > if it's available in the HTML that means a bot is going to see it to. > > You're probably better off just limiting users to X comments per hour > or something. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
