Add a CAPTCHA challenge before sign up #174
Comments
|
omg :-/ thank you so much for reporting this... everything /should/ be escaped but I'm not sure at the moment... I would be like SUPER excited if someone could take care of this asap. |
|
@PragTob Hi again, is there any way I can help with this feature? Or is this something that the core Hackety developers would rather handle themselves? I'm up for talking about it, if you have time. |
|
@reprah Hi there - it would be awesome indeed if you could help with this feature :-) Adding a captcha is something you can definitely help with - deleting the topic would fall into the hands of someone else. Generally there is not much activity on this repo... I merely step in trying to keep things intact. Most people focus on other projects these days (for me personally that is shoes4, a little gem and my master thesis :-) ) |
|
I don't mind if this project isn't very active; I just like programming practice! I'll go research options for integrating captchas in Rails and get back to you. Just a question, how often is the master branch merged into the production environment? Maybe I'll go look at shoes4 after this... that's an interesting thesis, good luck! :-) |
|
Hi there, so right now it isn't pushed to production quite frequently. There have been some changes and I'll have to talk to Steve about that e.g. if pushing still works the way I'm used to. However you're right especially the questions/support fix should be pushed soon-ish :-) Tobi |
|
It looks like the recaptcha gem is the most popular option, and it supports Hackety's Rails version. What do you think? Recaptcha requires API keys though, so I'm guessing you guys would add your own as an ENV variable in production (just like the secret token)? Have a good weekend |
|
Hi there, thanks for you investigation. Recaptcha sure enough seems like a valid solution. Personally I just slightly dislike using an external service for something conceptually as simple as creating and verifying captchas. I found this gem(simple captchas) which also supposedly works. I don't know, what do you think @steveklabnik ? Tobi |
|
I don't have any strong opinions, but if we use an external service, we have to think about how to share credentials. |
|
Looks like it's up to you, Tobi. Maybe the best choice is whatever is easiest to maintain (since time is limited), and I can understand why using an external service is undesirable. Do you all want to still give this feature a shot? |
|
Yeah definitely we want to give this feature a shot - right now this project sadly isn't my premiere open source project I'm working on. I'd be for not using an external service. However for starters we could even get away with a simpler question that I sometimes see... just like something "What is the solution for this: 12 + 4" - should be enough to throw most bots of. Or what's the name of this website or something... Sorry for the delay, have been sick. |
|
Hi, it's no problem. I didn't mean to sound impatient. What do you think of using a hidden form field to prevent bots from signing up instead of captchas/math problems? The field would be hidden with CSS and invisible to a human, but a program would try to fill it in and they can be rejected based on this field. There might be some problems w/ this approach that I'm not aware of, but it doesn't require another gem at least. |
|
@PragTob it looks like ArturG did a great job at adding in the captcha feature (with tests, even) so I'll take a look at a different issue or check out the Shoes4 issue tracker. Thanks! |
Please see this spam page :-( http://hackety.com/questions/520cdd8c546ab1000202668d
(On a side note, do we allow Iframes in questions/answers?)
The text was updated successfully, but these errors were encountered: