Would be useful to have a captcha control.
Please read the email conversation about the topic:
Wim Dumon to witty-interest
show details 11 Feb (5 days ago)
Koen's answer at FOSDEM to this question was approximately this:
No, there's not yet a captcha in Wt. Due to the dynamic nature of wt
(dynamic id's all over the place), it is probably more difficult to
automate in a bot how to find out what the elements are that it has to
fill out, and how to post a form that passes Wt's validity checks.
Difficult doesn't mean that it is impossible, but we haven't seen Wt
applications being spammed yet.
I understand your argument... However I do not completely agree.
Indeed there are bots that are specialized on phpBB forum, on
wordpress blog etc. etc. It is matter of statistics. Nobody would
write a bot for WT application unless it will be widelly used like
phpBB forums etc. However if one wants to vandalize a site then I
think it is not that much trouble for somebody that is already
example you load manually the Blog at webtoolkit.eu, and you write a
little script that clicks on the Reply link, fills in the Editor
(these can be found based on the css class) and clicks save... To make
the work more difficult, maybe one should generate random css classes
as well and generate the equivalent css...
Obviously you are right. I believe it can be a lot of fun to design a
more humane captcha system for Wt, given that you have many building
blocks such as WPaintedWidget (with its various backends) and mouse
coordinate events which at least will entertain bots a bit.
It would be interesting to learn what is believed to be the state of
art for CAPTCHA systems ?
The state of the art is using reCAPTCHA: http://en.wikipedia.org/wiki/Recaptcha
ReCAPTCHA feeds two words, one is readable by OCR and the other is
not. By feeding words which are not readable by an OCR, you can be
sure there is a human behind the keyboard.
How can you verify the OCR-unreadable word has been typed correctly
(after all, it is UNreadable ;-) ) ? Because reCAPTCHA feeds the very
same OCR-unreadable word many times and statistically checks the
feedback to know what is the actual word.
Pau Garcia i Quiles
reCAPTCHA is already so old I would have hoped things had progressed
beyond it :-)
It has the drawback of requiring a foreign site, but otherwise it is
indeed pretty good. It should also be relatively straight forward to
integrate it. Perhaps we need it as a feature request ?
No data to display