[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 579
  • Last Modified:

How important is a captcha?

There are some cionflicting views on whether it is worth including a captcha.
What do the experts think?
0
digisel
Asked:
digisel
4 Solutions
 
jayaram13Commented:
A well written CAPTCHA is incredibly important for several scenarios:

1.  Prevent automated brute force attempt to crack login id/password combinations.
2.  Prevent comments sections in forums from being filled up with spam.
3.  Prevent automated anonymous posters from posting in anonymous forums.
...
0
 
digiselAuthor Commented:
thanks.
there is a growing trend it seems to put a captcha on a Contact Us page.
I am considering doing the same.  But in this context it seems to be overkill.
Comments please
0
 
syedyounusCommented:
The purpose of captcha is to block auto-fill programs which can be anything like contact us forms or any other forms in general.

check the below link for further details.

http://en.wikipedia.org/wiki/Captcha 
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
digiselAuthor Commented:
thanks.   i was aware of that.
I am still not convinced that this is not overkill for  a smallish private site where there is very little contact anwya with users.
If I dont have it is there danger that I might just get spam comments.  If these do not give a return mail address then they identify themselves as spam anyway.
Or am I missing a poinjt??
0
 
sarangk_14Commented:
Another possibility that you need to take into consideration, if you are not going to use captcha, you need to have a strong validation performed on the content provided by the visitor on the contact us page. E.g. Disabling HTML code, Scripts, etc.

This is to prevent XSS/ CSS (Cross-site Scripting) attacks, which to the best of my knowledge, can be automated to a fair extent, i.e. no human intervention required.

Captchas help in this regard, by not allowing the "bots" to send these scripts to you.

Hope this helps. Request opinions by other experts.

Warm regards,

Sarang
0
 
syedyounusCommented:
It all depends on the age of the website & the number of using visiting daily.
If your website does not have that many users you can ignore the captcha or you can use recaptcha which is very much easier to integrate you can find it at http://recaptcha.net/

or you could try

http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/A_2126-KAFKA-A-Simple-CAPTCHA-Implementation.html
0
 
madunixChief Information Security Officer Commented:
0
 
SnarflesCommented:
You're debating whether it is worth it for a particular site which you say is smallish and has limited emails sent through the contact form. If this is the case and you aren't getting any spam then there is no need to bother.... yet. If it comes to a point where you are getting spam then sure, whack one in, but if it is as you describe then why waste your time right now (unless its a learning thing...).
0
 
digiselAuthor Commented:
thanks for your time and input
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now