Feature #299

WCaptcha needed

Added by mobi phil almost 13 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


Would be useful to have a captcha control.

Please read the email conversation about the topic:

Wim Dumon to witty-interest

show details 11 Feb (5 days ago)

Koen's answer at FOSDEM to this question was approximately this:

No, there's not yet a captcha in Wt. Due to the dynamic nature of wt

(dynamic id's all over the place), it is probably more difficult to

automate in a bot how to find out what the elements are that it has to

fill out, and how to post a form that passes Wt's validity checks.

Difficult doesn't mean that it is impossible, but we haven't seen Wt

applications being spammed yet.



I understand your argument... However I do not completely agree.

Indeed there are bots that are specialized on phpBB forum, on

wordpress blog etc. etc. It is matter of statistics. Nobody would

write a bot for WT application unless it will be widelly used like

phpBB forums etc. However if one wants to vandalize a site then I

think it is not that much trouble for somebody that is already

familiar with html, javascript and a tool like Greasemonkey. For

example you load manually the Blog at, and you write a

little script that clicks on the Reply link, fills in the Editor

(these can be found based on the css class) and clicks save... To make

the work more difficult, maybe one should generate random css classes

as well and generate the equivalent css...

mobi phil

Obviously you are right. I believe it can be a lot of fun to design a

more humane captcha system for Wt, given that you have many building

blocks such as WPaintedWidget (with its various backends) and mouse

coordinate events which at least will entertain bots a bit.

It would be interesting to learn what is believed to be the state of

art for CAPTCHA systems ?



The state of the art is using reCAPTCHA:

ReCAPTCHA feeds two words, one is readable by OCR and the other is

not. By feeding words which are not readable by an OCR, you can be

sure there is a human behind the keyboard.

How can you verify the OCR-unreadable word has been typed correctly

(after all, it is UNreadable ;-) ) ? Because reCAPTCHA feeds the very

same OCR-unreadable word many times and statistically checks the

feedback to know what is the actual word.

Pau Garcia i Quiles

reCAPTCHA is already so old I would have hoped things had progressed

beyond it :-)

It has the drawback of requiring a foreign site, but otherwise it is

indeed pretty good. It should also be relatively straight forward to

integrate it. Perhaps we need it as a feature request ?



No data to display

Also available in: Atom PDF