Form Submission using CAPTCHA

“Completely Automated Public Turing test to tell Computers and Humans Apart”, or CAPTCHA for short. Before I start: I know some readers are experts in CAPTCHA, some are newbies and some are intermediate. I will try my best to provide sound information on this topic that is useful at different levels.

Now, why do we need to separate humans from computers when both work through some interface to achieve something together? It is required because there have been continuous challenges in saving and posting non-redundant data on the internet safely. Companies that provide free email accounts could become victims of bots (bots are normally web robots, usually a program/script that runs at regular intervals) that will create thousands of free email accounts if the User Registration Form has not been handled properly.

There are hackers and/or unauthorized users who run automated scripts and try to use the form data for their own purposes. They not only read and manipulate the data but could also save the information for future purposes. There are instances where automated programs (published by bots) use the form data to send unsolicited spam to a number of users. The best solution for blocking these kinds of attacks would be going with CAPTCHA.

CAPTCHA could be used to restrict these kinds of attacks. If I were to make some points about CAPTCHA, I would say the following:
  • It could be used to prevent automated mass registration of accounts on online mail sites, forums and blogs, and even on polling sites or auction sites.
  • An HTML tag can ask search-engine bots not to access a page, but other bots will still be able to go inside the site and do whatever they want to do. CAPTCHA provides an effective mechanism to hide your email address from Web scrapers.
  • Usually, bots have difficulty analysing and decoding the CAPTCHA keys, so they will not be able to submit the form without passing CAPTCHA validation.
  • The idea is to have users validate the CAPTCHA before submitting the form.


CAPTCHA Advantages:
  • CAPTCHA protects against bots, brute force and misuse of information.
  • It helps in avoiding automatic form submissions.
  • CAPTCHA could be used to prevent attacks on registration, feedback/rating surveys, ticket booking systems, appointment booking, etc.
  • Protecting email addresses from scrapers. There are spammers who crawl the Web continuously in search of email addresses. If CAPTCHA has been implemented, it will be very difficult for the bots to bypass the validation and submit the form.
  • It helps in preventing comment spam in blogs. Abusive scripts could be continuously submitting unnecessary comments. This spam could be used for raising the rank of a blog in the search engines.
  • By using a CAPTCHA, only humans can enter comments on a blog (as they have to pass the CAPTCHA validation).
  • CAPTCHAs could be used to prevent an attacker from locking an account by providing wrong passwords, or from scanning through the system to get the correct password. The CAPTCHA could be required after a certain number of unsuccessful logins.

Best Practices:
  • Right Combinations: Use a combination of images, text and numbers with a distorted display.
  • Images: Write a script that generates images complex enough to resist being deciphered by programs but clear enough to be read by humans irrespective of age, language or gender.
  • Avoid Complex Design: Make it simple and soothing. It is useless to have a complex CAPTCHA design that is difficult for users.
  • Say No to Dictionary Words: Do not use scripts that generate text based on a dictionary. Use an algorithm that generates random strings. It is easier for a human to identify a distorted word than to recognize individual distorted characters, but the drawback of the dictionary-word scheme in CAPTCHA is its vulnerability to dictionary attack.
  • Avoid Complex Background Design: Using colour and complex background patterns has proven to be ineffective, since it can reduce usability without any significant improvement in security.
  • Restrict Offensive CAPTCHA: Another usability factor in CAPTCHA content is the appearance of offensive words. Every offensive word generated automatically by a CAPTCHA has a negative effect on user satisfaction and eventually reduces usability. The best solution to this problem is to maintain a list of words that are considered offensive or abusive and prevent them from being generated by the CAPTCHA.
  • Don't Create Your Own CAPTCHA: There are many proven plug-ins and jars available on the internet, developed by major companies. I personally prefer reusing those CAPTCHA scripts rather than developing my own. It is difficult to understand all the scenarios yourself, while these are up and running with all the possible cases covered.
  • Script Security: Building secure CAPTCHA code is not easy. In addition to making the images unreadable by computers, the system should ensure that there are no easy ways around it at the script level.
  • Popularity: Nowadays CAPTCHA is used by many famous websites. Some of them are:
    • Google
    • Yahoo
    • Hotmail
    • PayPal etc.
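
To make the "random strings", "offensive words" and "script security" points concrete, here is an added sketch (not from the original post and not a replacement for a proven library): the text comes from a cryptographic random source, is redrawn if it contains a blocked word, and is checked server-side exactly once. `CaptchaStore`, the alphabet, the lifetime and the blocklist entry are assumptions; image rendering is out of scope.

```python
import hmac
import secrets
import time

# Assumed alphabet: look-alike characters (0/O, 1/I/L) left out for readability.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
BLOCKLIST = {"BADWRD"}   # constructed placeholder for a maintained offensive-word list
TTL_SECONDS = 120        # assumed challenge lifetime


class CaptchaStore:
    """Server-side challenge store; the answer text never travels to the client."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._pending = {}   # challenge_id -> (answer, expiry time)

    def _random_text(self, length):
        while True:
            text = "".join(secrets.choice(ALPHABET) for _ in range(length))
            # Random strings can still spell a blocked word by chance: redraw.
            if not any(word in text for word in BLOCKLIST):
                return text

    def issue(self, length=6):
        """Return (challenge_id, answer). Render `answer` as the distorted image
        and put only `challenge_id` into the form."""
        challenge_id = secrets.token_urlsafe(16)
        answer = self._random_text(length)
        self._pending[challenge_id] = (answer, self._now() + TTL_SECONDS)
        return challenge_id, answer

    def verify(self, challenge_id, response):
        """Single-use check: the challenge is consumed whether or not it matches,
        so a solved or failed challenge cannot be replayed by a script."""
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False     # unknown or already used
        answer, expiry = entry
        if self._now() > expiry:
            return False     # solved too late
        given = response.strip().upper().encode()
        return hmac.compare_digest(answer.encode(), given)
```
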

Code Example:

For a step-by-step code implementation of CAPTCHA, please follow the ROSE INDIA site.

