Copy link to clipboard
Copied
Hi,
Currently, the application is using Cold Fusion 9. Soon to upgrade to Cold Fusion 10 or 11.
I would like to implement CAPTCHA on the login page.
Is there any information on how to implement CAPTCHA in Cold Fusion?
Thanks,
Mike
tribule wrote:
We use simple sum captchas now e.g. "what is X+Y". Saves using cfimage tags. We find this much easier.
This is a far better strategy than the Captcha itself.
Alternatively you can use a hidden field and not submit the form if it has any data in it (as bots generally fill in everything, hidden or not)
Copy link to clipboard
Copied
You implement Captcha in Coldfusion using the cfimage tag or image functions. For more information, search the web for the words cfimage, captcha.
Here is a simple example to convey the flavour:
<cfimage action="captcha" text="a1%b2c">
Copy link to clipboard
Copied
How is the value entered in the text box matches the image shown on the page?
Thanks,
Mike
Copy link to clipboard
Copied
Raymond Camden's Captcha example answers any questions you may have.
Copy link to clipboard
Copied
We use simple sum captchas now e.g. "what is X+Y". Saves using cfimage tags. We find this much easier.
Copy link to clipboard
Copied
tribule wrote:
We use simple sum captchas now e.g. "what is X+Y". Saves using cfimage tags. We find this much easier.
This is a far better strategy than the Captcha itself.
Alternatively you can use a hidden field and not submit the form if it has any data in it (as bots generally fill in everything, hidden or not)
Copy link to clipboard
Copied
I have found that bots overcome hidden fields and don't forget bots can submit to remote pages in isolation, so you should always check for submissions for referrers or IP addresses as best practice as well. The best sort of summation (x+y) captcha is to create two random number variables (x and y), add them together and perhaps also add another random value on to to this, also kept in memory, perhaps a application variable known only to the server, encode the whole sum (base 64 would be ok to overcome most bots, but you could hash it with better encryption functions in CF if you wanted). Then when user submits the answer, you decrypt your answer with the application variable key, and then compare them. If they match, the user is most likely human! Image captchas are a pain since they are often so complex they drive users mad.