there is a captcha app on web2py.com/applicances you may want to look at. On Jan 21, 5:12 pm, pistacchio <pistacc...@gmail.com> wrote: > Hi, > I think it is really cool that web2py works under the hood to keep a > site secure (sql injection, xss...) and that it integrates and > encourages reCaptcha. > > As a user, though, i find captchas, in general, and reCaptcha in > particular to be annoying and invasive. For a small site that I'm > building I'm working on an automated anti-bot mechanism that should > work without even being noticed by the end user (in my case, people > posting comments to my blog posts). > > It is a combination of two different method based on hidden fields. > The first field is not "hidden" as in <input type="hidden">. it is a > <input type="text"> made invisible via css. It has a name like "email" > or "address". When the form is submitted, i check if the value is > EMPTY. Being invisible to the human user, a real user would't fill it, > but a bot would. > > The second field's value is set to current timestamp during the > generation of the page. When the form is submitted i check if at > least, say, 5 seconds have passed. A bot would fill and submit the > form almost instantaneously, while it would take some time to the real > user. > > I'll post more about this when it's properly done and tested, but, > because a fairly amount of automatism is involved in web2py form > creation / validation, it would be perhaps possible, to include such > mechanism as a standard security behavior of the framework.
-- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web...@googlegroups.com. To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
