rtgdk
commented
6 years ago Filling out CAPTCHA for every request is not a good experience for the user. Explain how you would like to implement the CAPTCHA to ensure good experience and good security.
Open techytushar opened 6 years ago
rtgdk
commented
6 years ago Filling out CAPTCHA for every request is not a good experience for the user. Explain how you would like to implement the CAPTCHA to ensure good experience and good security.
techytushar
commented
6 years ago i am thinking of using the Google's reCaptcha tool, i have used it many times on websites and it only prompts the user to mark the captcha when he is sending many requests again and again.
wking
commented
6 years ago Are the HTML forms the right place for rate-limiting? Showing a form is cheap. The expensive bits seem like they'd be the API endpoints (e.g. the curl commands mentioned here). I think rate-limiting will be easier to work out rate-limiting for the API requests, and then replace the current server-side form processing under src/app with JavaScript API requests.
Ugtan
commented
5 years ago @techytushar @rtgdk @wking So instead of adding a google recaptcha just implement the solution stated by wking above to solve the issue or the other way?
This can be a small step towards #4 .