navapbc / template-application-rails

Ruby on Rails with USWDS template, including CI/CD, for teams building web applications
Apache License 2.0

Honeypot field and validation for forms #35

Closed SammySteiner closed 4 months ago

SammySteiner commented 4 months ago

Describe the problem and the solution you'd like

Anti-spambot measure

Adding honeypot fields to forms that are accessible to users before they need to log in is recommended by the Rails security best practices. The idea is that it's a hidden field that human users won't fill in; therefore, if it is filled in, we can assume it was submitted by a bot and reject the submission.

Solution

Alternatively

Consider using the Rails honeypot-captcha library.

Additional context

Good reading:

Priority

None
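
A plain-Ruby example of the honeypot check this issue describes, added here as an illustration; it is not code from this repository or from the honeypot-captcha library. The `Honeypot` module and the `contact_website` field name are hypothetical, and params are assumed to be a parsed form body with string keys.

```ruby
require "erb"

# Added example, not part of the template. All names here are hypothetical.
module Honeypot
  FIELD = "contact_website" # decoy name chosen to look like a real input

  # Renders the decoy input. It is moved off-screen with CSS instead of using
  # type="hidden", and taken out of the tab order and accessibility tree so
  # keyboard and screen-reader users do not land on it.
  def self.field_html(name = FIELD)
    n = ERB::Util.html_escape(name)
    %(<div style="position:absolute;left:-9999px" aria-hidden="true">) +
      %(<label for="#{n}">Leave this field blank</label>) +
      %(<input type="text" id="#{n}" name="#{n}" value="" tabindex="-1" autocomplete="off">) +
      %(</div>)
  end

  # Classifies a submission:
  #   :ok      decoy present and empty, which is what a browser sends for a human
  #   :filled  decoy has content, so treat the request as automated
  #   :missing decoy absent; browsers always submit empty text inputs, so the
  #            request was not produced by the rendered form
  def self.check(params, name = FIELD)
    return :missing unless params.key?(name)

    value = params[name]
    value = value.join if value.is_a?(Array) # name[]=... style duplicates
    value.to_s.empty? ? :ok : :filled
  end

  # Returns the params to process, or nil when the submission is rejected.
  # The decoy key is dropped so it never reaches model assignment.
  def self.filter(params, name = FIELD)
    return nil unless check(params, name) == :ok

    params.reject { |key, _| key == name }
  end
end
```

In a Rails controller the same check would sit in a `before_action` on the public forms, with the rejection logged so false positives from browser autofill can be spotted.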