Safe Form Without CAPTCHA

Discussion corner for Developers of Serendipity.

Post by johncanary »

Hi!

I found a good resource for any developer who wants to implement
a form "spam safe" without the use of a CAPTCHA.
This solution comes with a demo, a tutorial and the actual code.

I thought you might find this useful.
Yours John
: John's Google+ Profile
: John's E-Biz Booster Blog powered by Serendipity 1.7/PHP 5.3.14

Post by judebert »

The only problem I see with this article is that he doesn't explain why it works. We already use a hidden token in our contact form, and session timeouts through cookies. How is that so much different from his cookie token and server time hidden value?

Surely he doesn't think spammers are going to take 10 minutes to fill out a form, and we can use the timeout to eliminate them! That would just scare off users who took too long to say what they want.

Maybe he thinks spammers won't get the cookie? No, they get the cookie and the form, just like everyone else, and return those values when they try to subvert our blogs to their own nefarious purposes.

Perhaps it's the AJAX modification of the form that'll keep the spammers away. If so, I don't expect it to last long. All you need is JavaScript, after all.

I suppose we could check against a minimum time to fill out the form, assuming humans wouldn't be using assistive technology with a cut-and-paste response.

I consider this method a mildly interesting hoop for spammers to jump through. I think the author and I have exactly opposite ideas on what's necessary and desirable, though: I consider captchas a necessary evil, while he thinks they prevent users from communicating; he considers JavaScript to be a user-friendly solution to the spam problem, while I think it's a complicated, bug-ridden, security-missing kludge to be avoided if at all possible.
Judebert

Post by johncanary »

judebert wrote:
... Surely he doesn't think spammers are going to take 10
minutes to fill out a form, and we can use the timeout to eliminate them!
That would just scare off users who took too long to say what they want. ...

Could be true! The time-out might be a bigger hurdle than a Captcha. Let's
say you open a new window for content that's linked from the post, ... you
read that, ... and follow another link, ... then finally after you had some
coffee with your wife, you go back to write that comment. TIME OUT.
Yours John
: John's Google+ Profile
: John's E-Biz Booster Blog powered by Serendipity 1.7/PHP 5.3.14
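
Added example, not part of the thread, the linked article or Serendipity's code: a sketch of the "server time hidden value" the posts above debate, with the timestamp signed so the client cannot alter it and checked against both a minimum fill time and the 10-minute timeout. The function names, the 5-second floor, the key handling and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; names, key handling and limits are assumptions.
const MIN_FILL_SECONDS = 5;     // assumed floor: a faster submission looks scripted
const MAX_FILL_SECONDS = 600;   // the 10-minute timeout discussed in the thread

// Value for the hidden field: server time plus an HMAC bound to the session.
function issue_form_token(string $key, string $sessionId, int $now): string
{
    $mac = hash_hmac('sha256', $sessionId . '|' . $now, $key);
    return $now . ':' . $mac;
}

// Returns 'ok', 'tampered', 'too_fast' or 'expired'.
function check_form_token(string $key, string $sessionId, string $token, int $now): string
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'tampered';
    }
    [$issued, $mac] = [(int) $parts[0], $parts[1]];
    $expected = hash_hmac('sha256', $sessionId . '|' . $issued, $key);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return 'tampered';
    }
    $elapsed = $now - $issued;
    if ($elapsed < MIN_FILL_SECONDS) {
        return 'too_fast';
    }
    if ($elapsed > MAX_FILL_SECONDS) {
        return 'expired';   // re-render the form with the text kept, do not discard it
    }
    return 'ok';
}

// Constructed sample run (session id and timestamps are made up).
$key = random_bytes(32);            // per-site secret, kept server-side
$sid = 'constructed-session-id';
$t0  = 1700000000;
$tok = issue_form_token($key, $sid, $t0);
$altered = ($t0 + 30) . substr($tok, strlen((string) $t0)); // timestamp changed, MAC kept

$cases = [
    'submitted after one second'  => [$tok, $t0 + 1],
    'submitted after one minute'  => [$tok, $t0 + 60],
    'returned after a long break' => [$tok, $t0 + 1800],
    'hidden timestamp altered'    => [$altered, $t0 + 31],
];
foreach ($cases as $label => [$token, $now]) {
    printf("%-30s %s\n", $label, check_form_token($key, $sid, $token, $now));
}
```

The 'expired' branch is the case both posters worry about: treating it as a prompt to resubmit, with the comment text preserved, avoids penalising a reader who took a long break.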