[bassa]

Hello!

I have been struggling to implement a ASP-based CAPTCHA method unto my web form, but haven't gotten it working yet.

So I'm looking for perhaps an alternative way of doing this.

Here's my contact form. It's the completely regular one, where user enters his/hers username, adress, phone number, etc.:

http://www.froso.dk/test/kontakt/skriv.asp

I know absolutely nothing about ASP coding, which is likely why I haven't gotten it to work.

Perhaps there are, at least, decent alternatives using JavaScript and/or CSS instead?

If anyone could point me in the direction of how to create a secure web form using JavaScript/HTML/CSS, I'd greatly appreciate it!

Thank you!


Cheers,
Bassa

[TwoD]

Since JavaScript happens on the clientside, can be turned off, is not interpreted by robots/spiders and so on, there's really not much you can do on the client alone.

What kind of security do you need? Any prevention of malicious code being injected should of course all happen on the server, but I'm guessing you want to stop spambots?

Here's a couple of tips on how to prevent bots without using measueres visible to the visitor: Ned Batchelder: Stopping spambots with hashes and honeypots
They do require some serverside code, but there's not really a good way around that.

If nothing but clientside code is out of the question, I'd leave the action-part of the form tag empty (or rather fill it with an invalid url), then use JavaScript to fill it in when the page has loaded. That way no bot will ever be able to submit that actual form, as they don't parse JavaScript.

But of course it won't for humans who've turned of JavaScript either, and any spammer who takes the time to dig out the URL from the script can easily submit POST data directly to it.

[bassa]

Yeah, perhaps I was being a tad too vague on my request.

What I need is a simple form available on my webpage with decent anti-spam security (CAPTCHA, I guess) and with form validation.

Thanks for the link, it has some nice information.


Cheers,
Bassa