I did this a while ago:-
http://www.thespanner.co.uk/2007/08/15/random-javascript-and-php-generation/
It works well most of the time. Obviously it's not a form of security as the keys are generated on the client but many spammers don't execute js in their tools. Some use browsers or have a parser but the majority don't.
I applied it to CSRF as well:-
http://www.thespanner.co.uk/2007/10/19/jsck/
------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [
www.businessinfo.co.uk]
blog : [
www.thespanner.co.uk]
Hackvertor : [
hackvertor.co.uk]
Edited 1 time(s). Last edit at 01/21/2010 02:30AM by Gareth Heyes.
