diff options
| author | sthollmann <stefan@webionate.de> | 2013-03-27 10:46:19 +0100 |
|---|---|---|
| committer | sthollmann <stefan@webionate.de> | 2013-03-27 10:46:19 +0100 |
| commit | 164af1f9676230a557beed2de7bf7c5d5d7a95aa (patch) | |
| tree | 8ebb3baf3920f23410742bf0dc6100306e8fe0ae /guides/source/security.md | |
| parent | 1595ab6c892a3a32d78c2142aacf83960e956b33 (diff) | |
| download | rails-164af1f9676230a557beed2de7bf7c5d5d7a95aa.tar.gz rails-164af1f9676230a557beed2de7bf7c5d5d7a95aa.tar.bz2 rails-164af1f9676230a557beed2de7bf7c5d5d7a95aa.zip | |
ReCAPTCHA plug-in link now points to Github repo. Plug-in is no longer available at the previous location
Diffstat (limited to 'guides/source/security.md')
| -rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 769bd130be..d56ce47b3c 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -432,7 +432,7 @@ Depending on your web application, there may be more ways to hijack the user's a INFO: _A CAPTCHA is a challenge-response test to determine that the response is not generated by a computer. It is often used to protect comment forms from automatic spam bots by asking the user to type the letters of a distorted image. The idea of a negative CAPTCHA is not for a user to prove that he is human, but reveal that a robot is a robot._ -But not only spam robots (bots) are a problem, but also automatic login bots. A popular CAPTCHA API is [reCAPTCHA](http://recaptcha.net/) which displays two distorted images of words from old books. It also adds an angled line, rather than a distorted background and high levels of warping on the text as earlier CAPTCHAs did, because the latter were broken. As a bonus, using reCAPTCHA helps to digitize old books. [ReCAPTCHA](http://ambethia.com/recaptcha/) is also a Rails plug-in with the same name as the API. +But not only spam robots (bots) are a problem, but also automatic login bots. A popular CAPTCHA API is [reCAPTCHA](http://recaptcha.net/) which displays two distorted images of words from old books. It also adds an angled line, rather than a distorted background and high levels of warping on the text as earlier CAPTCHAs did, because the latter were broken. As a bonus, using reCAPTCHA helps to digitize old books. [ReCAPTCHA](https://github.com/ambethia/recaptcha/) is also a Rails plug-in with the same name as the API. You will get two keys from the API, a public and a private key, which you have to put into your Rails environment. After that you can use the recaptcha_tags method in the view, and the verify_recaptcha method in the controller. Verify_recaptcha will return false if the validation fails. The problem with CAPTCHAs is, they are annoying. Additionally, some visually impaired users have found certain kinds of distorted CAPTCHAs difficult to read. The idea of negative CAPTCHAs is not to ask a user to proof that he is human, but reveal that a spam robot is a bot. |