Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General » View Thread |
Messages 1 to 6 of 6 total |
Google No-Captcha reCaptcha |
Sun, Jul 31 2016 1:23 AM | Permanent Link |
Eivind | I suppose some of us EWB devs that have public registration form have to use some kind of reCaptcha. What are you guys using today?
I'm looking into using the No-Captcha reCaptcha solution from Google. However, that requires including some javascript libs and calling some javascript functions. On googles site is says to link to to: <script src='https://www.google.com/recaptcha/api.js?hl=es'></script> and then add a div tag: <div class="g-recaptcha" data-sitekey="XXXXXXXXX"></div> To verify if the user clicked the "I am not a robot" checkmark a function called getResponse() have to be called. After this, I guess the server part is plain and easy to verify the response. The question is.... How is all this done in EWB??? My customers want let me have unprotected registration forms anymore and have requested the No-Captcha solution as it is the newest and easiest solution. It would be absolutely brilliant to have this and possibly the Google Authenticator implemented in the core of EWB for customers that need the extra security and spam prevention. Any thoughts? Thanks Eivind |
Tue, Aug 2 2016 8:30 AM | Permanent Link |
Eivind | Ok, so I have been studying bots and spammers the last two days and it seams they don't particularly like Javascript. They tend to disable javascript and try to read the html form for inputs and post values in all form fields. As EWB is not based on "normal" html forms, do you think spammers will give up easier when confronted with a pure client side javascript form? Now they have to decode all the javascript to try to figure out what form fields needs data etc. Obviously, spam bots are getting more and more sophisticated, but I wondered if anyone else have some input on this.
So let's say EWB makes it more difficult for spammers to read the forms and post correct data. For my signup form I use a TServerRequest to post various data to the server for user registration. After user registration, all data exchange is using TDataSets. First I have another TServerRequest checking if the email address is not taken. Would it be even trickier for the spammer if I used the TDataSet.Insert on the signup form instead that posts a JSON string to the DatasetAdapter in my Delphi ISAPI dlls? Now he have to figure out exactly how to format the JSON string to be able to spam me. Quite frankly I have not been bothered with spammers so far in any EWB projects. Do anyone else have any issues with public signup forms and spammers? The whole reason I started this thread is because of certain clients are asking for it. Not because of large amount of spammers. Cheers Eivind So let's say EWB |
Tue, Aug 2 2016 9:25 AM | Permanent Link |
Matthew Jones | Eivind wrote:
> spammers It is an interesting question really. You are right in that most won't bother with the javascript so that will cut most fly-by spamming. If someone cares enough, they will look at the http calls and work out what is happening, and ignore your files completely. That of course is also more work, so it comes down to how valuable your content is. If you are facebook then it would be well worth it, but most custom sites are not going to be an issue. It also depends on whether you need an account or not. But, even with all that, there are people who get paid to manually visit sites, sign up, and post spam. You'd have to be very clever to be able to stop them. And the solution would probably be to logging things like the source IP address/range, and then doing something like hell-banning their accounts (so they can post, but it never appears except to them, perhaps also held for approval). -- Matthew Jones |
Tue, Aug 2 2016 10:46 AM | Permanent Link |
Eivind | Thanks for your thoughts Matthew!
Yea, hopefully spammers want see too much value in spamming my client as there is really not any value for them and as you you mention, if "fly by spammers" leave EWB apps alone for while that would be splendid. Only need to convince my client the same Problem with clients is that they have heard from a friend that have heard from a friend that you have to have reCaptcha on the public reg forms. Cheers Eivind |
Tue, Aug 2 2016 12:55 PM | Permanent Link |
Raul Team Elevate | On 8/2/2016 8:30 AM, Eivind wrote:
> So let's say EWB makes it more difficult for spammers to read the forms and post correct data. For my signup form I use a TServerRequest to post various data to the server for user registration. After user registration, all data exchange is using TDataSets. First I have another TServerRequest checking if the email address is not taken. Would it be even trickier for the spammer if I used the TDataSet.Insert on the signup form instead that posts a JSON string to the DatasetAdapter in my Delphi ISAPI dlls? Now he have to figure out exactly how to format the JSON string to be able to spam me. > Quite frankly I have not been bothered with spammers so far in any EWB projects. Do anyone else have any issues with public signup forms and spammers? > The whole reason I started this thread is because of certain clients are asking for it. Not because of large amount of spammers. EWB does help with the automated website scraping for form fields but one can still use test automation tools to simply run a browser and submit this (same one we as devs might use to do UI testing - even something like AutoIT likely would work though have not tried : https://www.autoitscript.com/site/). Having captcha would be worthwhile IMHO even with EWB and if Tim would natively add support it would be ideal Raul |
Wed, Aug 3 2016 7:41 AM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Eivind,
<< The question is.... How is all this done in EWB??? >> The short answer is that you take the JS api, implement an external interface for it: http://www.elevatesoft.com/manual?action=viewtopic&id=ewb2&topic=External_Interfaces and then just use the classes/functions/procedures in the external interface declarations in your code. The long answer is that it's a bit more complicated than that, especially with Google APIs. Tim Young Elevate Software www.elevatesoft.com |
This web page was last updated on Thursday, March 28, 2024 at 06:05 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |