Reactions
uswaretech
16th July, 2009
http://bit.ly/JzS9f New post. Captcha best practices.
This comment was originally posted on Twitter
On Captcha
By: Shabda Raaj
When building public-facing websites, spam is a real problem. Captcha has been treated as the first line of defence against this problem. If you must use captcha, here are some best practices for working with them.
Can you do without one?
In a lot of places, captchas are used to filter spam in user-generated comments. One of the largest sources of UGC is comments on WordPress blogs. They do not use a captcha, and instead pass all comments through Akismet to identify which comments are spam and reject them. In many cases, such a system would work for you.
Can you use a simpler alternative?
Unless you run a site with millions of monthly users, the spammers are not going to write a bot specifically for your site. So if you have a text question asking "what is 2 + 2", the bots are not going to get past that, as the question is unique to your site. Of course, Gmail/Yahoo cannot use this approach, as bots get written for them specifically, but for your site it might work.
This proposed approach has been called SAPTCHA and anecdotal evidence suggests that it works very well in practice.
Prefer recaptcha
Recaptcha is an existing implementation of captcha that lets you plug a captcha system into your existing pages. Using this over home-grown captchas offers advantages like
Provide alternate means of validation to visually impaired people.
This might be in the form of an audio captcha or an option to email the administrator.
Do captcha validation only once
This seems so obvious, and yet many sites require you to complete the captcha multiple times if there is any error in the form. Once a user has completed the captcha, the form must be displayed without the captcha in case of errors.
If you use Django, these are already very easy to use with existing apps.
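One way to implement the "validate only once" rule, as an added example that is not from the original post: the `session` dict stands in for Django's `request.session`, and `verify_captcha`, `handle_post` and `PASS_TTL` are hypothetical names. The pass is kept server-side, expires, and is cleared after a successful submission.

```python
import time

PASS_TTL = 600  # assumption: a solved captcha stays valid for 10 minutes


def verify_captcha(answer, expected):
    """Stand-in for the captcha provider's check (hypothetical helper)."""
    return bool(answer) and answer.strip().lower() == expected.lower()


def handle_post(session, fields, expected_answer, now=None):
    """Process one form POST and return what the view should render next.

    session: server-side per-visitor dict (stand-in for request.session).
    fields:  the submitted form fields.
    """
    now = time.time() if now is None else now
    solved_at = session.get("captcha_solved_at")
    passed = solved_at is not None and 0 <= now - solved_at <= PASS_TTL

    if not passed:
        # The pass lives only in the server-side session; a client-supplied
        # "I already passed" field is never consulted.
        if not verify_captcha(fields.get("captcha"), expected_answer):
            session.pop("captcha_solved_at", None)
            return {"status": "captcha_failed", "show_captcha": True}
        session["captcha_solved_at"] = now

    errors = {}
    if not fields.get("comment", "").strip():
        errors["comment"] = "This field is required."
    if errors:
        # Other fields were wrong: re-display the form without the captcha.
        return {"status": "invalid", "errors": errors, "show_captcha": False}

    # Accepted: the pass is single-use, so the next form needs a new captcha.
    session.pop("captcha_solved_at", None)
    return {"status": "saved", "show_captcha": True}
```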