-
Notifications
You must be signed in to change notification settings - Fork 2
Security
Sepehr0Day edited this page Jun 13, 2026
·
1 revision
- Keep answers and puzzle solutions server-side.
- Never expose target coordinates or Maze paths to an untrusted client.
- Use short-lived challenge identifiers.
- Expire challenges after use or after a short timeout.
- Rate-limit generation and verification endpoints.
- Do not treat CAPTCHA as a replacement for authentication or abuse controls.
Report vulnerabilities through GitHub Security Advisories.
- Home
- Installation
- Quick-Start
- Configuration
- Core-API
- Generator-API-Reference
- Core-Utilities
- Supported-CAPTCHAs
- All-Examples
- Text-and-Media-CAPTCHAs
- Logic-CAPTCHAs
- Image-CAPTCHAs
- Selection-CAPTCHAs
- Puzzle-CAPTCHAs
- Visual-Reasoning-CAPTCHAs
- Tkinter-Examples
- Web-Integration
- Architecture
- Creating-a-Generator
- Security
- Publishing
- Migration-to-2.0
- FAQ