Closed ajahangard closed 1 year ago
rate limiting, you can use the AbsoluteExpiration parameter to control the refresh frequency of the captcha.

Compare attribute is not mandatory. It will make the whole process nicer, but you can omit it and then do the comparison manually on form's submit (if (userLoginViewModel.CaptchaText.Equals(userLoginViewModel.EnteredCaptcha)){}). Now if the inputs don't match, redraw the captcha with the new data.

Yes, I think the third statement is the solution. One should not use Compare to validate.
Thank you
Hi,
I think there is a security issue with this implementation. The captcha image should change on invalid input so the user is unable to try multiple times. In your demos, there are samples of captchas to sum two numbers. It's easy to pass the validation by brute forcing because the image captcha value does not change on invalid input.
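
The fix agreed on in this thread (compare on submit, then redraw on a mismatch) comes down to making each challenge single-use. The following is an added example, not code from the library or from the commenters; `SingleUseCaptchaStore`, `Issue` and `Validate` are hypothetical names, and it assumes the expected answer is kept in server memory (.NET 6 or later).

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not part of the captcha library discussed in this thread.
public sealed class SingleUseCaptchaStore
{
    private readonly ConcurrentDictionary<string, (string Answer, DateTimeOffset Expires)> _pending = new();
    private readonly TimeSpan _lifetime;

    public SingleUseCaptchaStore(TimeSpan lifetime) => _lifetime = lifetime;

    // Creates a fresh "a + b" challenge; the answer never leaves the server.
    public (string Token, string Question) Issue()
    {
        int a = RandomNumberGenerator.GetInt32(1, 50);
        int b = RandomNumberGenerator.GetInt32(1, 50);
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        _pending[token] = ((a + b).ToString(), DateTimeOffset.UtcNow + _lifetime);
        return (token, $"{a} + {b}");
    }

    // One attempt per challenge: the entry is removed before comparing,
    // so a wrong guess cannot be retried against the same image.
    public bool Validate(string token, string entered)
    {
        if (token is null || entered is null) return false;
        if (!_pending.TryRemove(token, out var entry)) return false;
        if (entry.Expires < DateTimeOffset.UtcNow) return false;
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(entry.Answer),
            Encoding.UTF8.GetBytes(entered.Trim()));
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new SingleUseCaptchaStore(TimeSpan.FromMinutes(2));
        var (token, question) = store.Issue();
        Console.WriteLine($"Challenge: {question}");
        // Constructed replay: every possible sum is submitted against the same token.
        // Only the first guess is evaluated; the rest fail because the token is gone.
        int accepted = 0;
        for (int guess = 2; guess <= 98; guess++)
            if (store.Validate(token, guess.ToString())) accepted++;
        Console.WriteLine($"Guesses accepted for one challenge: {accepted}");
    }
}
```

When `Validate` returns false, call `Issue()` again and render the new question. Challenges that are issued but never submitted stay in the dictionary until a cleanup pass removes them, which this example omits.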