More user friendly approach to captcha? Discussion
Posted: Thu Jan 08, 2009 9:52 pm
Hi there,
I am thinking of a way to reduce the amounts of captcha codes to solve for visitors. More specifically: I want to build a site which allows for extended user interaction (comments, tags, ratings). Now to prevent spammers from taking advantage of these features and to prevent them from automatically publish bullsh*t on my site, I need some sort of captcha-thingy.
Let's assume I have a captcha in every form. For a lot of interactive inputs the visitors have to enter the codes. I do not want to go for registered users. There I could put all interactive forms in a sort of custom-content and voilá.
So I thought doing the captcha once and storing a flag like "is_human=true" in the session could do the trick. Now, whenever I show a form, I could include a captcha if the user hasn't completed any captcha so far. Depending on the session status, I either show a form with captcha or without.
What do you think about this approach?
The question now: how to integrate this smooth into CMSMS in terms of end-usability and compatibility with existing modules such as comments, guestbook or others? As for comments, I think it either runs with or without captcha - but not both.
Another way could be to AJAX everything and always go through a page where the captcha status is checked before post-data is forwarded to the corresponding module. However, it would still allow to uncover the actual post locations of the modules to undermine the mechanism. So after all, the actual modules would have to check for the session status... or am I wrong? Because any wrapping could be uncovered once you turn on e.g. "live http headers" in FF.
What are your thinkings about captchas and usability?
Best
Nils
I am thinking of a way to reduce the amounts of captcha codes to solve for visitors. More specifically: I want to build a site which allows for extended user interaction (comments, tags, ratings). Now to prevent spammers from taking advantage of these features and to prevent them from automatically publish bullsh*t on my site, I need some sort of captcha-thingy.
Let's assume I have a captcha in every form. For a lot of interactive inputs the visitors have to enter the codes. I do not want to go for registered users. There I could put all interactive forms in a sort of custom-content and voilá.
So I thought doing the captcha once and storing a flag like "is_human=true" in the session could do the trick. Now, whenever I show a form, I could include a captcha if the user hasn't completed any captcha so far. Depending on the session status, I either show a form with captcha or without.
What do you think about this approach?
The question now: how to integrate this smooth into CMSMS in terms of end-usability and compatibility with existing modules such as comments, guestbook or others? As for comments, I think it either runs with or without captcha - but not both.
Another way could be to AJAX everything and always go through a page where the captcha status is checked before post-data is forwarded to the corresponding module. However, it would still allow to uncover the actual post locations of the modules to undermine the mechanism. So after all, the actual modules would have to check for the session status... or am I wrong? Because any wrapping could be uncovered once you turn on e.g. "live http headers" in FF.
What are your thinkings about captchas and usability?
Best
Nils