According to your example (http://code.google.com/p/kaptcha/wiki/HowToUse) it seems that multiple guesses can be made on a single CAPTCHA image. It could be beneficial to assign a new totally random code to the KAPTCHA_SESSION_KEY on failure, forcing the "user" (bot?) to now guess a completely random string with no help, or consider a new image.
This is likely out of the scope of the project, but also recording the time when the CAPTCHA image was made and enforcing a maximum time to solve it could be good.
Original issue reported on code.google.com by jmferl...@gmail.com on 9 Aug 2008 at 4:53
For the first item, this would be implemented in your code. All Kaptcha does is serve an image and put a token in the session. If you want to reset it to a different value on failure, then go ahead. The only benefit of that is that you would be able to stop someone trying to brute force attack the kaptcha with a bot (i.e., trying the same kaptcha value multiple times until they get it right). In my application, I do something like this instead: http://lookfirst.com/2008/06/red-listing.html
With regards to recording a time, I can add another parameter to the session that is a timestamp.
Original comment by latch...@gmail.com on 9 Aug 2008 at 5:55
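As an added example (not code from Kaptcha or from either poster), the two ideas in this thread, resetting the stored code on failure and enforcing a maximum solve time, could look like this in application code. A `Map` stands in for the servlet session; the `CAPTCHA_ISSUED_AT` attribute, the two-minute limit and the sample codes are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class CaptchaCheck {
    // Session attribute named in this thread; holds the expected text.
    static final String KEY = "KAPTCHA_SESSION_KEY";
    // Hypothetical attribute: when the image was generated (epoch millis).
    static final String ISSUED_AT = "CAPTCHA_ISSUED_AT";
    // Assumed limit; the thread does not specify one.
    static final long MAX_AGE_MS = 2 * 60 * 1000;
    private static final SecureRandom RNG = new SecureRandom();

    /** Allows one guess per image: any failure replaces the stored code. */
    static boolean verify(Map<String, Object> session, String answer, long nowMs) {
        Object expected = session.get(KEY);
        Object issuedAt = session.get(ISSUED_AT);
        boolean fresh = issuedAt instanceof Long && nowMs - (Long) issuedAt <= MAX_AGE_MS;
        boolean match = expected instanceof String && expected.equals(answer);
        if (fresh && match) {
            session.remove(KEY);        // a solved code cannot be replayed
            session.remove(ISSUED_AT);
            return true;
        }
        // Wrong answer or timeout: overwrite with an unguessable value so more
        // guesses against the image already shown cannot succeed.
        byte[] junk = new byte[16];
        RNG.nextBytes(junk);
        session.put(KEY, Base64.getEncoder().encodeToString(junk));
        session.remove(ISSUED_AT);
        return false;
    }

    // Simulates what serving a new image would store (constructed values).
    static void issue(Map<String, Object> session, String text, long nowMs) {
        session.put(KEY, text);
        session.put(ISSUED_AT, nowMs);
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stands in for HttpSession
        issue(session, "x7kq2", 1_000_000L);
        System.out.println(verify(session, "wrong", 1_005_000L)); // wrong guess
        System.out.println(verify(session, "x7kq2", 1_006_000L)); // right text, code already reset
        issue(session, "m3p9d", 1_000_000L);
        System.out.println(verify(session, "m3p9d", 1_000_000L + MAX_AGE_MS + 1)); // too late
        issue(session, "m3p9d", 1_000_000L);
        System.out.println(verify(session, "m3p9d", 1_001_000L)); // in time, first try
    }
}
```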