Any plan to support *CAPTCHA *in IS without having internet connection ? Because previous version of *CAPTCHA* is OOB service and now we are going to use google service. Do we have way to install google service plugin or something in offline within product ?
*Harsha Thirimanna* Associate Tech Lead; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **[email protected]* <[email protected]>* cell: +94 71 5186770 * *twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshathirimannlinked-in: **http: <http://lk.linkedin.com/in/afkhamazeez>**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 <http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122>* *Lean . Enterprise . Middleware* On Wed, Jun 8, 2016 at 1:38 AM, Omindu Rathnaweera <[email protected]> wrote: > First we need to register at [2] and create an API key pair for the >> required domain. > > > Should a product user generate their own key pair and configure the > product prior to using reCaptcha ? > > Regards, > Omindu. > > > On Tue, Jun 7, 2016 at 11:33 PM, Thanuja Jayasinghe <[email protected]> > wrote: > >> Hi All, >> >> I'm working on $subject. >> >> *Why reCaptcha?* >> >> *"reCAPTCHA is a free service that protects your website from spam and >> abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive >> CAPTCHAs to keep automated software from engaging in abusive activities on >> your site. It does this while letting your valid users pass through with >> ease." -Google[1]* >> >> >> *How does reCaptcha works?* >> >> First we need to register at [2] and create an API key pair for the >> required domain. The key pair consists of a site key and secret. The site >> key used when we display reCaptcha widget on a page. After verification, >> new parameter called 'g-recaptcha-response' will be available in the >> form which user submits. From the server side we can verify that reCaptcha >> response calling the Google API with the secret key. >> >> >> *Where we're going to use reCaptcha?* >> >> Basically any place which can be vulnerable to Bots attack, >> >> 1. SSO login flow >> 2. User recovery flows >> 3. User registration flow >> >> >> *Implementation* >> >> Conditions to enable reCaptcha is different from one scenario to another. >> As an example user registration may enable reCaptcha by default, but SSO >> login page may enable it after n failed attempts from a single user. Also >> reCaptcha requirements may be different from one tenant to another. >> >> So we have introduced filter called "ReCaptchaFilter" to intercept >> requests and pass them to a reCaptcha connector which can handle a >> particular scenario. Connector will provide following information to the >> filter, >> >> - Whether the connector can handle the request >> - Priority of the connector >> - Whether the reCapatha verification is needed for the current request >> - Whether that attempt is a successful or not >> >> Based on above information filter will select a connector which can >> handle the incoming request and will validate reCaptcha if needed. >> >> Also to keep this in a state less manner, IS will do following, >> >> - Will evaluate the need for reCaptcha at the server side >> - Will inform and provide necessary data to the pages if server is >> expecting reCaptha validation >> >> >> *OOTB Connectors* >> >> IS will provide two reCpatcha connectors OOTB as " >> SSOLoginReCaptchaConnector" and "PathBasedReCaptchaConnector", which >> implement "ReCaptchaConnector" interface. These connectors also >> implement "IdentityGovernanceConnector" to enable UI based configuration >> management. >> >> SSOLoginReCaptchaConnector - Can enable reCaptcha after n number of >> failed attempts form a single user. This connector does not depend on the >> user agent and will take the sum of failed attempts from any agent. >> PathBasedReCaptchaConnector - Can validate reCaptcha for a request path. >> This will always validate reCaptcha for a given request path. >> >> >> Appreciate your input. >> >> [1] - https://developers.google.com/recaptcha/intro >> [2] - https://www.google.com/recaptcha/admin >> >> Thanks, >> Thanuja >> -- >> *Thanuja Lakmal* >> Senior Software Engineer >> WSO2 Inc. http://wso2.com/ >> *lean.enterprise.middleware* >> Mobile: +94715979891 +94758009992 >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Omindu Rathnaweera > Software Engineer, WSO2 Inc. > Mobile: +94 771 197 211 > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
