Open techytushar opened 6 years ago
Filling out CAPTCHA for every request is not a good experience for the user. Explain how you would like to implement the CAPTCHA to ensure good experience and good security.
i am thinking of using the Google's reCaptcha tool, i have used it many times on websites and it only prompts the user to mark the captcha when he is sending many requests again and again.
Are the HTML forms the right place for rate-limiting? Showing a form is cheap. The expensive bits seem like they'd be the API endpoints (e.g. the curl
commands mentioned here). I think rate-limiting will be easier to work out rate-limiting for the API requests, and then replace the current server-side form processing under src/app
with JavaScript API requests.
@techytushar @rtgdk @wking So instead of adding a google recaptcha just implement the solution stated by wking above to solve the issue or the other way?
This can be a small step towards #4 .