I know it's not really a programming question but I don't know where to ask it.
Should i use a captcha in my sign up form ?
Facebook, twitter, foursquare, gowalla etc... don't use one (or not a visible one). Is there an invisible catpcha on theses sites ?
Thank you
UPDATE :
I have found a nice article about it : http://www.smashingmagazine.com/2008/07/08/web-form-design-patterns-sign-up-forms-part-2/
Thanks for your answers
I don't use a captcha for SingingEels, but I do require a valid email address. Users have to confirm their email address by clicking a link sent with a GUID upon creating a new account.
That validates a real human, and also prevents quick sign-ups for spam comments.
There is no need to use captcha code in SignUp page. But as far as security reason is concerned, you need to captcha code where you have any form. Because some one puts a robot for signup in your page at that you have to face a problem with your website. So for this purpose you need to add captcha not only in Signup page but every form you are using in your website.
CAPTCHA helps prevent automated abuse of your site (such as comment spam or bogus registrations)
it is advisable to use additional authenication methods, captcha, email authentication are most advisable.
It is not advisable to use any captcha at all..
Also see;
http://www.interfacegeek.com/dont-ever-use-captchas/
Related
This is basically a suggestion type of question. I have a scenario where we have to create an API endpoint to reset the password. I want to use OTP. But my senior suggests that we can send a reset link to the user's email ID. Can anyone give some strong points that what are the pros and cons of OTP vs reset-link?
And also I try to find some links regarding for this. And I'm not able to do so. Can you please provide some links also? If possible.
Thanks in Advance.
I want to know if I should I use Captcha for all forms in my website?
or there is some cases that require it?
any help is appreciated
Unless your users are already authenticated (logged in), it is indeed a very good idea to have a captcha on each form to limit the number of spam bot abuse you receive.
In some cases, it is still a good idea even when the users are logged in.
I am into a strange fix with my site.
Firstly, my site is password protected. So, when I visit, http://www.mysite.com it is greeted with a nice shiny login page. User puts in the credentials and goes in.
Now, I am hoping that for some special people, they don't have to login. For that I need to have some specific URL, say, http://www.mysite.com/bypass which takes me to the site without any login page.
Is it possible?
Many Thanks
It should be possible, but I wouldn't recommend it. A good option would be to just tell those special people to have their browser save the password.
To actually implement what you want - to log in without login credentials you'd have to do something like what "drush user-login" does. It creates a one-time link that allows anyone to become "logged in". It's the same functionality as the password reset link. You could probably detect the (type of) link and re-route it to the http://www.mysite.com/bypass address.
In the end it's best just not to do it.
I think there is a human registering a user, getting past the original CAPTCHA, then firing his php script to spamalot.
Is there a way to make the user do the captcha test for every post in PHPBB3?
Won't this deter regular user from using your forum ? I wouldn't use stackoverflow if I had to enter a CAPTCHA each time I wanted to post a answer...
I'm not directly answering your question, but in PHPBB 3.06 you have the "Newly Registered Users Group" to which you can give specific permissions (like all messages going to the moderation queue). May this help ? Depending on your traffic you may also validate each user manually (admin activation)
More info on PHPBB and spam here : http://www.phpbb.com/community/viewtopic.php?f=46&t=1861645 (stronly suggested)
I'm trying to add a "share via twitter" link to our website. I'm aware of the standard http://twitter.com/home?status=TWEET method, and it works good enough for my purposes when the user is logged in to twitter already.
If, however, the user is not logged in, twitter displays the login form first (which is only reasonable). After the login, the home screen is displayed without the tweet content.
Am I missing something obvious, or is this a know flaw in this method? If so, what is the easiest way (apart from using services like TweetMeme, which I noticed asks for login in advance) to make the share button work as expected?
If the user is not signed in when accessing http://twitter.com/home?status=TWEET it seems that the status is indeed forgotten. This would be a Twitter website issue and not something you're doing wrong.
Update: Use this URL instead: http://twitter.com/intent/tweet?text=TWEET
TweetMeme, on the other hand, uses its own Twitter "application" via the OAuth authentication, requiring users to log in before retweeting using TweetMeme, and is smart enough to include the tweet message in the OAuth callback URL so that it's not forgotten.
So really, you can:
Use TweetMeme, where the user would have to log in, but at least have the tweet be remembered once that's done;
Create your own Twitter application that uses the same tweeting functionality as TweetMeme; or
Use Twitter.com's less-than-desirable status updater and hope the user is logged in, or hope that they're smart enough to click the back button a couple times and click on your link again if needed.
Just use the following url and parameters
http://twitter.com/share?text=YOUR-TEXT&url=YOUR-URL
Then it works.