cycleplanet / cycle-planet

Official Cycle Planet repo, an open source and non-profit network of long distance cyclers and those who want to host them.
https://cycleplanet.org/
MIT License
10 stars, 4 forks

Require captcha on registration #7

Open reinierl opened 3 years ago

reinierl commented 3 years ago

Our users register on CyclePlanet to interact with other cyclists, not to have their data scraped, collected and processed by spammers or other malicious parties.

So let's discourage data scraping by requiring actual interaction by a flesh-and-blood human to create an account.

Creating an account should then also become a prerequisite for accessing most user data in Cycle Planet, which should be taken care of by other issues under the security label.

Beetix commented 2 years ago

Google's reCAPTCHA might be the easiest way to achieve that.

Beetix commented 2 years ago

Seems rather straightforward looking at Firebase's doc

Beetix commented 2 years ago

> Seems rather straightforward looking at Firebase's doc

After looking into it, it's different from the initial proposed solution. It's a service called App Check. It works with a token exchange to ensure that requests on the backend come from the official app. It seems like a good solution to stop bots and fake apps. What do you think?

reinierl commented 2 years ago

That looks good to me!

Beetix commented 2 years ago

Great! Submitted PR #38

reinierl commented 2 years ago

Okay, it's been too long, but now that I bit the bullet and deployed it to production while it's not even working locally for me, it seems to be doing its job =).
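The token exchange discussed in this thread, sketched as an added example that is not part of the thread or of Cycle Planet's code: a backend accepts a request only if its App Check token is a correctly signed, unexpired JWT issued for this project and a known app. The key pair, project number, app IDs and the `mintToken` stand-in are constructed so the sketch runs offline; a real backend would use the Firebase Admin SDK's `verifyToken` or App Check enforcement rather than hand-rolled checks.

```javascript
// Added example, not Cycle Planet or Firebase code. Key pair, project number
// and app IDs are constructed; a real backend verifies against Firebase's keys.
const crypto = require('crypto');

const PROJECT_NUMBER = '123456789'; // constructed placeholder
const ISSUER = `https://firebaseappcheck.googleapis.com/${PROJECT_NUMBER}`;
const AUDIENCE = `projects/${PROJECT_NUMBER}`;
const b64u = (v) => Buffer.from(v).toString('base64url');

// Stand-in for the App Check service: signs a short-lived token for an app.
function mintToken(privateKey, claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Backend side: fail closed on anything malformed, unsigned, foreign or expired.
function verifyAppCheckToken(token, publicKey, allowedAppIds, nowSec = Date.now() / 1000) {
  const fail = (reason) => ({ ok: false, reason });
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return fail('malformed');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch {
    return fail('malformed');
  }
  if (!header || !claims) return fail('malformed');
  // Pin the algorithm before checking the signature, so a token cannot pick its own.
  if (header.alg !== 'RS256' || header.typ !== 'JWT') return fail('bad header');
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, publicKey, sig)) return fail('bad signature');
  if (claims.iss !== ISSUER) return fail('wrong issuer');
  if (![].concat(claims.aud).includes(AUDIENCE)) return fail('wrong audience');
  if (!(claims.exp > nowSec)) return fail('expired');
  if (!allowedAppIds.includes(claims.sub)) return fail('unknown app');
  return { ok: true, appId: claims.sub };
}
```

A scraper that calls the backend directly has no token at all and gets `malformed`; a replayed token stops working once `exp` passes.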