New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SEC-737: Move captcha module to sandbox #976
Comments
Jon Osborn said: Luke, I’d be happy to maintain the captcha code. Jon |
Ben Alex said: Thanks for the offer to maintain the integration, although at this stage we’re going to leave it in the sandbox. The rationale for this is that the prior < 2.0.0 releases required the end user to manually compile code in order to use the integration, and as such we do not believe many (if any) users would have actually deployed the integration. Removing it therefore probably does not represent a loss to the majority of users. More fundamentally, Captcha integration with Spring Security is an ambiguous requirement. The prior integration simply required human user verification if certain request frequencies were met. Instead, most Captcha usage is embedded within a page (eg a lost password page) and therefore becomes more of an issue of designing the view/controller correctly. Such usage is out of scope for Spring Security, as it’s a web framework consideration. Additionally, the recent popularity of reCAPTCHA means any integration would need to be sufficiently generalised that it accommodates both, and for us to also address reCAPTCHA integration would represent additional time and effort. We have not a final decision to permanently leave the Captcha integration in the sandbox nor promote nor remove it. It simply requires some more consideration and design, and at this stage we need to focus on completing the namespace improvements and documentation of the many new capabilities in 2.0. Cheers |
Jon Osborn said: Ben, I’m already a committer on codehaus so maybe that is good option? Beers, |
Jon Osborn said: Luke, Ben, what about a ‘sub-project’ for spring security? |
Batbayar Bazarragchaa said: Could you please create sub project in spring or commit the code into any repository? Thanks, |
Luke Taylor(Migrated from SEC-737) said:
We’ve decided to sandbox the current captcha integration layer since the original contributor is no longer actively maintaining it.
The text was updated successfully, but these errors were encountered: