clevernyyyy
commented
8 years ago I vote that it's not necessary, but willing to put in the effort if we ultimately decide we want it.
Still thinking. . . it's possible it would matter if the competition has a huge user base.
We should add support to a captcha service for registration.
By default, it should be disabled. An admin could enable it by giving an API key for an external captcha service.
We could possibly implement reCAPTCHA.
However, I recently read this and reCAPTCHA may not be as secure.
Does this matter as much for CTF competitions though? We currently limit requests for registration to prevent spam.