Coding Horror: Captcha Control Coda

Captcha Control Coda

November 8, 2004

I finally bit the bullet and formatted my ASP.NET CAPTCHA server control as a CodeProject article. This version of the control has a few significant improvements over the last version:

Optimized with use of HttpModule and Cache objects
Removed ViewState for Captcha text (this isn't secure, doh)
Added .CaptchaChars property for specifying characters used in random CAPTCHA text.

This has been through quite a bit of testing and refinement, and should be considered final-- for now anyway. If I update it any further, I'll do so through the CodeProject article, so leave comments there if you have any.

Posted by Jeff Atwood

« The Cost of Complexity

You'll Never Have Enough Cheese »

6 Comments

Isn't storing the text in the ViewState with ViewStateMac enabled and possibly "ViewStateKey" set - "secure enough?"

Scott on November 10, 2004 1:03 AM

I've implemented your stuff for Comment Spam on my blog:
http://www.hanselman.com/blog/PermaLink.aspx?guid=99b2e3e9-5597-4883-a015-d77c3246a2a8

Scott Hanselman on November 10, 2004 7:09 AM

Yeah, I saw it on your blog before I saw it on my own. Enjoy ;)

Jeff Atwood on November 10, 2004 10:20 AM

Isn't storing the text in the ViewState with ViewStateMac enabled and possibly "ViewStateKey" set - "secure enough?"

Possibly, but sending "secure" stuff to the client is just inviting problems. I'm already storing an entire .CaptchaImage in the .Cache so it made sense to keep it all together, anyway.

Jeff Atwood on November 10, 2004 10:21 AM

I have used it in a child page.
Its works fine.
But it fails if i have an update panel with a timer on to the page the updatepanel.
The Captha displayed remains same but the isValid fails.

Sandeepan Kundu on May 2, 2008 9:10 AM

But it fails if i have an update panel with a timer on to the page the updatepanel.
http://masterstroyki.ru/

Oskar on February 7, 2009 2:00 AM

The comments to this entry are closed.