path: root/framework/Web/UI/WebControls/TCaptchaValidator.php
author ctrlaltca@gmail.com <> 2011-10-02 21:13:53 +0000
committer ctrlaltca@gmail.com <> 2011-10-02 21:13:53 +0000
commit 72dd599070900fabb1e1501a7b39067703acec35 (patch)
tree 9e38fddbdea9daddf19038b8fa4b0d2bddb142b5 /framework/Web/UI/WebControls/TCaptchaValidator.php
parent 63e50106808370c249b48796ab5d08429f2c9550 (diff)
Added TReCaptcha control (ticket #345) and added a notice about the lack of security of TCaptcha (ticket #344)
Diffstat (limited to 'framework/Web/UI/WebControls/TCaptchaValidator.php')
-rw-r--r-- framework/Web/UI/WebControls/TCaptchaValidator.php 6
1 files changed, 5 insertions, 1 deletions
diff --git a/framework/Web/UI/WebControls/TCaptchaValidator.php b/framework/Web/UI/WebControls/TCaptchaValidator.php
index 7854b639..b01cd786 100644
--- a/framework/Web/UI/WebControls/TCaptchaValidator.php
+++ b/framework/Web/UI/WebControls/TCaptchaValidator.php
@@ -4,7 +4,7 @@
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @link http://www.pradosoft.com/
- * @copyright Copyright &copy; 2005-2011 PradoSoft
+ * @copyright Copyright &copy; 2005-2011 PradoSoft
* @license http://www.pradosoft.com/license/
* @version $Id$
* @package System.Web.UI.WebControls
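Review bot: The @copyright line is removed and re-added with text that reads identically, so this looks like a whitespace or line-ending change only. It is unrelated to the TCaptcha notice and the TReCaptcha addition named in the commit message; drop it from this commit or move it to a separate cleanup commit so the security-relevant change is easier to audit.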
@@ -16,6 +16,10 @@ Prado::using('System.Web.UI.WebControls.TCaptcha');
/**
* TCaptchaValidator class
*
+ * Notice: while this class is easy to use and implement, it does not provide full security.
+ * In fact, it's easy to bypass the checks reusing old, already-validated tokens (reply attack).
+ * A better alternative is provided by {@link TReCaptchaValidator}.
+ *
* TCaptchaValidator validates user input against a CAPTCHA represented by
* a {@link TCaptcha} control. The input control fails validation if its value
* is not the same as the token displayed in CAPTCHA. Note, if the user does
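Review bot: In the added notice, "reply attack" should be "replay attack", the usual name for reusing an already-validated token. "does not provide full security" is also vague for a docblock; say directly that a token that has validated once can be submitted again, so readers know what the control does not protect against. If TCaptchaValidator is meant to be discouraged in favour of TReCaptchaValidator, consider adding an @see or @deprecated tag so the warning shows up in generated API docs and IDE hints, not only in the prose.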