[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Captcha implementation: which way to choose?
From: |
Hleb Rubanau |
Subject: |
Captcha implementation: which way to choose? |
Date: |
Sun, 1 Aug 2010 02:41:29 +0300 |
User-agent: |
Mutt/1.5.20 (2009-06-14) |
Hello!
I would like to try to implement support of captcha algorithm in samizdat
engine (enabled by default for anonymous users only).
The main question is what should be chosen as preferred backend?
My brief investigation shown that there are 3 most possible variants: use
standalone captcha implementation (http://rubyforge.org/projects/captcha/) or
bound to 3rd party service like Google's "recaptcha"
(http://www.google.com/recaptcha/learnmore), implement 'textual captcha' from
scratch.
All approaches has significant pro's and contra's
"CAPTCHA" class from rubyforge:
+ is native ruby library, independent from any 3rd party services
- last release was in 2004 -- it does not seem to be actively supported,
and I have no idea whether algorithms from 2004 are still remaining strong and
secure in 2010.
- I did not estimate, but I have intuitive feeling that generation of
graphic captchas can seriously affect server's performance under high load
Google's "Recaptcha":
+ does not affect server performance, as all processing is done on
third-party servers
+ is an active product, supported by google developers
+ has a social benefit: service is a part of project on books digitizing
- is a corporate service
- has a security hole: google tags are injected in page shown to user
- requires site owner to obtain API key from google, and bind it to domain
Self-made textual captcha implementation:
+ do not require 3rd-party service
+ should not affect site load significantly
- textual captchas are considered relatively weak in comparison w/
graphical ones
I would very appreciate any opinions on topic, b/c it's not obvious for me
which approach best suites to the samizdat architecture (except of
google-bounded: I believe it's unacceptable).
Also I am not sure that all possible variants are described above.
--
Hleb
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Captcha implementation: which way to choose?,
Hleb Rubanau <=