search

dejanstojanovic / MVC-Honeypot

Honeypot implementation in ASP.NET MVC
Other
12 stars 7 forks source link

any updates for web.config setting #1

Closed smartmeter closed 8 years ago

smartmeter commented 8 years ago

Hi, is there anyway I can set this at a class level or controller level inside web.config like nwebsec

dejanstojanovic commented 8 years ago

It is possible to specify property names of model inside config and use them on filter constructor. You would not even need new config section, just use the key in appSettings and split property names with comma, but config sections would be more elegant solution :) I just did not include this option because when ever you add new model in MVC application you will most likely rebuild, so it does not make much sense to use config

smartmeter commented 8 years ago

great thanks :+1:

surface area: where or rather which views do you recommend using/put this up on, mostly login/register? or all views?

it would be nice to have a surface area configuration

Also will this interfere with captcha or cloudflare Have you seen NWebSec, wondering if this is supplementary or complimentary :)

dejanstojanovic commented 8 years ago

Hi,

I used it for login forms, but you can basically use it on every field where you want to make sure no bout has entered value, like newsletter email subscription field or any other which is not protected by any login and you store it in your database.

I am not currently s much focused on this library, so I am not sure I will make changes to it soon, but feel free to update it for surface configuration, I will merge your update :)

The idea of this approach is actually to avoid captcha or any security input from user to identify user as no bot.

I haven't work with NWebSec, but it looks like a nicely done library. I might consider using it in future projects. Thanks for the info :+1:

patagoniahiker commented 8 years ago

Hello, this is a nice plugin :100: can you post a sample on

how to update the honey pot names do i need this only in my login/register and landing pages or do i need this inside every action/controller

thanks patty

dejanstojanovic commented 8 years ago

You only need it on the pages you have some sort of notification. It basically tries to replace the captcha and to confuse the bot to write to a field which is logically there for login which in fact is replaced by field with auto generated id/name

patagoniahiker commented 8 years ago

great thx :+1: