As an alternative method there is a very robust solution: client auth using a x509 client certificate. As a user installing the certificate is simpler than answering questions or reading weird captchas and he can forget about it, the browser does all the auth by itself using the SSL/TLS protocol, but it all depends on usage scenarios. You need a PKI that generates a pkcs12 certificate+private key archive and let the user install it on its browser. For my needs I have written a simple PKI here for web2py:
https://code.google.com/p/simpatica/ The code is really simple. The advantage is that certificate generation can be automated during registration process of any web2py app. There are other and better PKI implementations around, much more complex to manage, but it depends on how much security and features you need. To avoid browser complaints about insecure certificates, just use your server private key that you use in your PKI, to request a cheap or free server certicate (startssl.com is a good one), install it on your web server along with the private key and you are done. Web2py supports x509 auth out of the box with rocket, but you can use most ssl enabled servers: apache, nginx, cherokee and many others. mic 2013/6/16 Joe Barnhart <[email protected]> > At least one site i use regularly implemented a 24-hour posting delay. > Sign up today and your posting ability starts tomorrow. It was a little > annoying to newbies but it really zeroed the spam! > > -- Joe > > > On Saturday, June 15, 2013 12:40:50 PM UTC+8, rochacbruno wrote: >> >> Hi, >> >> recently we are having too many spams posted on web2pyslices.com >> >> I am deleting one by one, but started to be difficult to track this. >> >> We need to implement a captcha system or any other kind of spam blocking. >> >> is there any volunter? to do this for user registration form and also for >> article post form? >> >> I am in a rush between work and medical treatments, I tried but I really >> have no time now to develop this. >> >> If anybody can take this, please email me ans I give you access to the >> development version of the code on pythonanywhere. >> >> Thanks. >> >> []'s >> >> --- >> >> Bruno Rocha >> http://github.com/rochacbruno >> http://rochacbruno.com.br >> http://terraqueos.org >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
