[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Captcha implementation: which way to choose?

From: Hleb Rubanau
Subject: Captcha implementation: which way to choose?
Date: Sun, 1 Aug 2010 02:41:29 +0300
User-agent: Mutt/1.5.20 (2009-06-14)


I would like to try to implement support of captcha algorithm in samizdat 
engine (enabled by default for anonymous users only).

The main question is what should be chosen as preferred backend?
My brief investigation shown that there are 3 most possible variants: use 
standalone captcha implementation ( or 
bound to 3rd party service like Google's "recaptcha"  
(, implement 'textual captcha' from 

All approaches has significant pro's and contra's

"CAPTCHA" class from rubyforge:

    + is native ruby library, independent from any 3rd party services
    - last release was in 2004 -- it does not seem to be actively supported, 
and I have no idea whether algorithms from 2004 are still remaining strong and 
secure in 2010.
    - I did not estimate, but I have intuitive feeling that generation of 
graphic captchas can seriously affect server's performance under high load

Google's "Recaptcha":

    + does not affect server performance, as all processing is done on 
third-party servers
    + is an active product, supported by google developers
    + has a social benefit: service is a part of project on books digitizing
    - is a corporate service
    - has a security hole: google tags are injected in page shown to user
    - requires site owner to obtain API key from google, and bind it to domain 

Self-made textual captcha implementation:
    + do not require 3rd-party service
    + should not affect site load significantly
    - textual captchas are considered relatively weak in comparison w/ 
graphical ones

I would very appreciate any opinions on topic, b/c it's not obvious for me 
which approach best suites to the samizdat architecture (except of 
google-bounded: I believe it's unacceptable).

Also I am not sure that all possible variants are described above.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]