Incompatible with django-recaptcha #53

Open
agseaton opened this issue Apr 5, 2023 · 3 comments

agseaton commented Apr 5, 2023

Many sites need to prevent misuse by bots, and this is often accomplished with Google reCAPTCHA. The package django-recaptcha allows this to be integrated into a Django form.

Unfortunately, at present django-formset appears to be incompatible with django-recaptcha.

I've created a test case to demonstrate this; please see eab80b7.

At the moment I'm not sure precisely what the issue is that prevents reCAPTCHA from working. I get the following error from the django test server:
WARNING: Unprocessable Entity: /bootstrap/article-captcha

Additionally, Google Chrome shows the response from the server as {"captcha": ["This field is required."]}.

Owner

jrief commented Apr 14, 2023

I'm unsure if Captchas are still a feasible solution to prevent form abuse. OCR often is better than humans, making Captchas obsolete. Using Google's Recaptcha might be a solution, but then you run into GDPR issues.

If you know about a solution which works as well as Google's Recaptcha and does not require any user input, please let me know. I have some ideas on this myself, but I'm open to good and user-friendly solutions.

Owner

jrief commented Apr 19, 2023

Yesterday I had a look at possible solutions. Captchas decrease the user experience and that's the opposite intention of this library. Therefore instead of Captchas, I would suggest to let the client do a proof of work. This means that the server creates a set of puzzles, the client has to solve. This at least will slow down brute force attacks considerably.

If you're willing to implement them, I can give you all the instructions on how to do this.

@agseaton
Author

Thanks for getting back to me about this!

I agree that the captchas that rely on OCR/image processing/some other user input are not ideal. And while modern versions of Google recaptcha mostly avoid these problems, I hadn't considered the privacy implications. So perhaps supporting django-recaptcha is not necessary/useful for many real-world applications.

Yes, I'd be interested in looking into the 'proof of work' solution you suggested. I've also seen discussion elsewhere of using 'honeypots' to confuse bots. Perhaps a combination of these two techniques could be a viable solution?
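
The proof-of-work approach discussed in this thread, as an added example that is not code from django-formset or from either commenter: the server issues a signed, expiring hash puzzle, the client searches for a nonce, and the server verifies with a single hash. The puzzle format, the function names and the constants `SECRET`, `DIFFICULTY_BITS` and `MAX_AGE` are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)   # assumption: server-side secret, never sent to the client
DIFFICULTY_BITS = 16      # assumption: required leading zero bits (~65k hashes on average)
MAX_AGE = 300             # assumption: seconds a puzzle stays valid


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def _zero_bits(puzzle: str, nonce) -> int:
    digest = hashlib.sha256(f"{puzzle}:{nonce}".encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()  # leading zero bits


def issue_puzzle(now=None, bits=DIFFICULTY_BITS) -> str:
    """Server: stateless puzzle "salt:issued:bits:mac"; the MAC binds age and difficulty."""
    issued = int(time.time() if now is None else now)
    payload = f"{os.urandom(8).hex()}:{issued}:{bits}"
    return f"{payload}:{_sign(payload)}"


def solve_puzzle(puzzle: str) -> int:
    """Client (browser JavaScript in practice): brute-force the smallest valid nonce."""
    bits, nonce = int(puzzle.split(":")[2]), 0
    while _zero_bits(puzzle, nonce) < bits:
        nonce += 1
    return nonce


def verify_solution(puzzle: str, nonce, seen: set, now=None) -> bool:
    """Server: costs one hash; rejects forged, expired, replayed or unsolved puzzles."""
    try:
        payload, mac = puzzle.rsplit(":", 1)
        _, issued, bits = payload.split(":")
        age = (time.time() if now is None else now) - int(issued)
        bits = int(bits)
    except ValueError:
        return False
    valid = (hmac.compare_digest(mac.encode(), _sign(payload).encode())
             and 0 <= age <= MAX_AGE and puzzle not in seen
             and _zero_bits(puzzle, nonce) >= bits)
    if valid:
        seen.add(puzzle)  # assumption: a shared cache with a TTL of MAX_AGE in production
    return valid
```

Because the difficulty sits inside the MAC'd payload, a client cannot lower it, and the `seen` set stops one solved puzzle from being replayed across many submissions.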
