manyfold3d / manyfold

A self-hosted digital asset manager for 3d print files. Previously named "VanDAM"
https://manyfold.app
MIT License
595 stars 42 forks

Add CAPTCHAs to user forms #2277

Open Floppy opened 4 weeks ago

Floppy commented 4 weeks ago

As recommended in #2238:

Consider using CAPTCHAs or other challenge-response mechanisms to prevent automated attacks. This should also be added to other forms such as the password reset and registration forms to prevent abuse, such as flooding users' mailboxes and creating numerous accounts to exhaust system

I don't want to add an inaccessible CAPTCHA system (like easy_captcha used by devise_security) - I want something good and accessible. This needs to be done right!

Floppy commented 4 weeks ago

https://altcha.org/ might be useful here. It can be directly integrated into the app with https://github.com/zonque/altcha-rails, so no third party API, keys etc would be required.

Jookia commented 3 weeks ago

Have you considered a textual question/answer system?

Edit: CAPTCHAs are inherently inaccessible so you want to try and avoid them at all costs.

Floppy commented 3 weeks ago

Yeah, the accessibility issue is a big thing for me - I definitely don't want to end up with a solution that makes that aspect worse. Altcha looks like it might be good on that front because there are no traditional captcha images etc. I'll explore.
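
The comments above point at a self-hosted challenge with no third-party API and no images. As an added example (not code from ALTCHA, altcha-rails or Manyfold), this Ruby code shows a stateless, HMAC-signed proof-of-work challenge of the kind ALTCHA describes, issued and verified entirely inside the app. The key, function names, salt layout and replay cache are assumptions made for the illustration.

```ruby
require "openssl"
require "securerandom"
require "set"

HMAC_KEY = "constructed-demo-key" # assumption: a real app loads a server-side secret
MAX_NUMBER = 50_000               # size of the search space, i.e. the work factor

# Server: issue a challenge. The expiry lives inside the salt, so the server
# stores nothing between issuing and verifying.
def issue_challenge(now: Time.now.to_i, ttl: 300, max: MAX_NUMBER)
  # The trailing "&" separates salt from number, so digits cannot be shifted
  # from the number into the expiry without changing the hash input.
  salt = "#{SecureRandom.hex(12)}?expires=#{now + ttl}&"
  secret = SecureRandom.random_number(max + 1)
  challenge = OpenSSL::Digest::SHA256.hexdigest("#{salt}#{secret}")
  signature = OpenSSL::HMAC.hexdigest("SHA256", HMAC_KEY, challenge)
  { "salt" => salt, "challenge" => challenge, "signature" => signature, "maxnumber" => max }
end

# Client (a browser widget in practice): brute-force the number. No image,
# audio or puzzle is shown to the user.
def solve(ch)
  salt = ch["salt"]
  (0..ch["maxnumber"]).find { |n| OpenSSL::Digest::SHA256.hexdigest("#{salt}#{n}") == ch["challenge"] }
end

# Server: check the submitted solution before processing the form.
# `seen` is a replay cache (hypothetical; any shared store with a TTL works).
def verify_solution(payload, seen:, now: Time.now.to_i)
  salt, challenge, signature, number = payload.values_at("salt", "challenge", "signature", "number")
  return false unless [salt, challenge, signature].all?(String) && number.is_a?(Integer)
  expires = salt[/\?expires=(\d+)&\z/, 1]
  return false if expires.nil? || expires.to_i < now              # expired or malformed
  expected = OpenSSL::HMAC.hexdigest("SHA256", HMAC_KEY, challenge)
  return false unless OpenSSL.secure_compare(signature, expected) # not issued by this server
  return false unless OpenSSL::Digest::SHA256.hexdigest("#{salt}#{number}") == challenge
  !seen.add?(challenge).nil?                                      # false when replayed
end
```

The work factor only raises the cost of each submission, so it complements rather than replaces rate limiting on the password reset and registration forms.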