The project I'm working on is a piece of static HTML with some built-in JavaScript that will call the REST web service, which I create myself using .NET 3.5 WCF.
JavaScript will receive some information from the user, including the email address, and then send this data to the web service through Ajax. Then the web service will save the data in the database.
Since this is a web service, I am sure it will be stateless.
However, the requirement for the project is that the front-end JavaScript must also implement a captcha to prevent spamming.
The site itself will only work for a few weeks (maximum 6 weeks), and I do not think that there is enough time for any potential attackers to be serious about demolishing the site.
For this reason, I considered the possibility of creating a fully client-side captcha, since the traditional captcha requires stateful sessions.
However, I am curious to know what security measures will usually be implemented in a stateless environment, or if someone believes that I am mistaken that checking based on client-side feedback is sufficient.