Systems and Methods for Dynamically Detecting and Preventing Consumer Fraud
US-2016005029-A1 · Jan 7, 2016 · US
US10567419B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10567419-B2 |
| Application number | US-201615202755-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 6, 2016 |
| Priority date | Jul 6, 2015 |
| Publication date | Feb 18, 2020 |
| Grant date | Feb 18, 2020 |
Official abstract text for this publication.
This document describes, among other things, a computer-implemented method for improving the security of one or more computing systems. The method can include receiving, at a computing system, first code that defines at least a portion of an electronic resource that is to be served to a client computing device. The method can include generating code that defines a challenge to be solved by the client computing device, in which the code is arranged to cause the client computing device to determine values for one or more parameters that comprise a solution to the challenge, and the values for the one or more parameters that comprise the solution to the challenge may be required for the client computing device to make valid requests to initiate one or more web-based transactions. The computing system can determine whether particular values for the parameters comprise a valid solution to the challenge.
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method, comprising: receiving, at a computing system, first code corresponding to a web page requested by a client computing device, the first code comprising code that, when executed, allows a user to submit a request to initiate a web transaction presented by the web page; generating second code that defines a challenge to be solved by the client computing device, the second code comprising code that, when executed, determines a valid solution to the challenge; generating modified first code corresponding to the web page by embedding the second code into the first code so that the challenge is solved when the modified first code executes, and generating a modified request by modifying the request to require values for one or more parameters that are a solution to the challenge so that submission of any request initiating the web transaction is delayed until the challenge is solved; providing, to the client computing device, the modified first code; receiving a modified request from the client computing device to initiate the web transaction, the modified request including a possible solution to the challenge comprising values for the one or more parameters; determining whether the possible solution is a valid solution to the challenge; and taking action to initiate the particular web transaction or to not initiate the particular web transaction based on whether the possible solution is a valid solution to the challenge; wherein the method is performed by one or more computing devices.
2. The computer-implemented method of claim 1, wherein the second code, when executed, determines a valid solution to the challenge by iteratively testing different candidate values in search of values that satisfy one or more constraints associated with the challenge.
3. The computer-implemented method of claim 1, wherein: the challenge to be solved by the client computing device is to determine a particular message that yields a pre-defined hash value when the particular message is hashed using a particular hash function.
4. The computer-implemented method of claim 1, wherein the second code comprises at least one script that is written in JavaScript that is interpreted and executed at the client computing device.
5. The computer-implemented method of claim 1, wherein, when the modified first code is executed at the client computing device, the client computing device determines a solution to the challenge in the background while a user interacts with the web page after the web page is loaded at the client computing device.
6. The computer-implemented method of claim 1, wherein determining whether the possible solution is a valid solution to the challenge comprises: identifying a pre-defined output value of a function, the pre-defined output value provided to the client computing device with the second code; identifying a pre-defined value provided with the second code for a first input parameter to the function; calculating a second output value of the function using the pre-defined value for the first input parameter and the possible solution included in the request; and determining whether the pre-defined output value matches the second output value.
7. The computer-implemented method of claim 1, wherein determining whether the possible solution is a valid solution to the challenge comprises verifying that the possible solution was generated by the client computing device within a particular period of time after the second code was provided to the client computing device.
8. The computer-implemented method of claim 1, wherein determining whether the possible solution is a valid solution to the challenge is performed at least in part by one or more computers at an edge of a network, the one or more computers being separate and geographically remote from a web server system from which the first code was originally served.
9. The computer-implemented method of claim 8, further comprising taking action to not initiate the particular web-based transaction, including choosing to not communicate, from the one or more computers at the edge of the network and to the web server system, the request from the client computing device to initiate the web transaction.
10. The computer-implemented method of claim 8, wherein the second code is generated by the web server system or by a proxy computing system that is arranged as a proxy to the web server system.
11. The computer-implemented method of claim 1, wherein the modified first code includes a reference to the second code.
12. The computer-implemented method of claim 1, further comprising, for each of a plurality of instances of the web page to be served to one or more client computing devices, generating code that defines a challenge that is unique to the respective instance of the web page.
13. The computer-implemented method of claim 1, further comprising re-coding the first code so as to obscure an operational design of a computing system that generated the first code, wherein the re-coding does not substantially affect a visual presentation of the web page when the modified first code is executed at the client computing device.
14. The computer-implemented method of claim 1, wherein the web transaction presented by the web page is one of a transaction to modify a listing of items in an online shopping cart, a transaction to create an account, a transaction to login to an account, or a transaction to modify settings associated with an account.
15. The computer-implemented method of claim 1, wherein determining whether the possible solution is a valid solution to the challenge comprises: parsing the modified request to identify a pre-defined hash value that was provided to the client computing device along with the challenge; using a pre-defined hash function to compute a second hash value based on the possible solution included in the request; and determining whether the second hash value matches the pre-defined hash value.
16. The computer-implemented method of claim 1, wherein the possible solution is specified in a universal resource indicator (URI) of the modified request.
17. The computer-implemented method of claim 1, further comprising: receiving a second request from the client computing device to initiate the web transaction, the second request including a second possible solution to the challenge; determining whether the second possible solution is a valid solution to the challenge; and taking action to initiate the particular web-based transaction or not to initiate the second web transaction based on whether the second possible solution is a second valid solution to the challenge.
18. The computer-implemented method of claim 17, wherein determining whether the second possible solution is a valid solution to the challenge comprises: when the second possible solution is the same as the possible solution, determining that the second possible solution is not valid in response to a determination that the number of times that the possible solution has been received in requests exceeds a replay limit value that identifies a maximum number of times that a solution is permitted to be accepted as a valid solution to the challenge.
19. The computer-implemented method of claim 1, wherein the modified first code does not begin working on the challenge until the user selects a control in the web page that triggers the challenge to be run.
20. A computer system comprising: one or more hardware processors;
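The validation steps of claims 6, 7, 15 and 18 (recompute the hash, check the solving window, enforce a replay limit) can be sketched as follows. This is an added example, not code from the patent: the function names, the constants and the HMAC tag that binds the echoed-back challenge fields to the server are assumptions, and the client-side search of claim 2 is written in Python here rather than JavaScript so the whole exchange runs in one file.

```python
import hashlib, hmac, os, struct, time

SERVER_KEY = os.urandom(32)  # assumption: server-side secret that signs issued challenges
MAX_AGE = 120                # assumption: seconds a solution is accepted (claim 7)
REPLAY_LIMIT = 1             # assumption: accepted uses per solution (claim 18)
_seen = {}                   # tag -> accepted count; in-memory, never pruned here

def _h(seed, n):
    # The "function" of claim 6: pre-defined first input (seed) plus the solution.
    return hashlib.sha256(seed + struct.pack(">Q", n)).hexdigest()

def _tag(seed_hex, target, bits, issued):
    msg = f"{seed_hex}|{target}|{bits}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_challenge(bits=16, now=None):
    """Unique challenge per page instance (claim 12): find n with H(seed, n) == target."""
    issued = int(time.time() if now is None else now)
    seed = os.urandom(16)
    target = _h(seed, int.from_bytes(os.urandom(8), "big") % (1 << bits))
    return {"seed": seed.hex(), "target": target, "bits": bits,
            "issued": issued, "tag": _tag(seed.hex(), target, bits, issued)}

def solve(ch):
    """Client side (claim 2): iterate candidates until the hash matches."""
    seed = bytes.fromhex(ch["seed"])
    return next((n for n in range(1 << ch["bits"]) if _h(seed, n) == ch["target"]), None)

def verify(ch, solution, now=None):
    """Server or edge check of the values echoed back in the modified request."""
    now = time.time() if now is None else now
    try:
        expected = _tag(ch["seed"], ch["target"], ch["bits"], ch["issued"])
        forged = not hmac.compare_digest(expected, ch["tag"])
        age = now - ch["issued"]
        matches = hmac.compare_digest(_h(bytes.fromhex(ch["seed"]), int(solution)), ch["target"])
    except (KeyError, TypeError, ValueError, struct.error):
        return "malformed"
    if forged:
        return "forged"      # target/timestamp were not issued by this server
    if not 0 <= age <= MAX_AGE:
        return "expired"     # claim 7: outside the allowed solving window
    if not matches:
        return "wrong"       # claims 6 and 15: recomputed hash != pre-defined hash
    _seen[ch["tag"]] = _seen.get(ch["tag"], 0) + 1
    return "ok" if _seen[ch["tag"]] <= REPLAY_LIMIT else "replayed"  # claim 18
```

Because the pre-defined hash value travels back from the client (claim 15), the tag check is what stops a client from submitting a challenge it made up itself; a deployment would also need to expire entries in the replay table.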
User authentication · CPC title
Challenge-response · CPC title
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
Electricity · mapped topic
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title