Does a captcha expire
1,982 views
Skip to first unread message
Ryk Neethling
Aug 6, 2013, 1:59:40 AM8/6/13
to reca...@googlegroups.com
I have a scenario where I have to capture information from a user and pass it on to a third party. The third party requires me to send them the reCaptcha challenge and response.
My issue is that from the time we capture the information to the time we have to send it to the third party, could be weeks. So I am unsure if it will work after a while.
Can someone give me a hint here please? Thanks in advance...
Ryk Neethling
Aug 6, 2013, 5:32:28 PM8/6/13
to reca...@googlegroups.com
We are doing communication with the third party via a web api, so it is programatically. I will display the reCaptcha to the end user, capture their input, but we have some due diligence to perform before we can submit the final query to the third party. Just the way things go, we can wait a while before we get all the information from our clients. So from the time we capture their original reCaptcha input to the time we submit to the third party, could take a week or so. Will this be a problem?
Adrian Godong
Aug 6, 2013, 9:03:06 PM8/6/13
to reca...@googlegroups.com, reca...@googlegroups.com
This sounds like a spammer trying to offload the captcha process to a third party. Can you see the similarity?
---
Adrian Godong
--
You received this message because you are subscribed to the Google Groups "reCAPTCHA" group.
To unsubscribe from this group and stop receiving emails from it, send an email to recaptcha+...@googlegroups.com.
To post to this group, send email to reca...@googlegroups.com.
Visit this group at http://groups.google.com/group/recaptcha.
For more options, visit https://groups.google.com/groups/opt_out.
Ryk Neethling
Aug 6, 2013, 9:06:32 PM8/6/13
to reca...@googlegroups.com
Adrian,
Can you see the business case though? I am not offloading any functionality, not bypassing anything either. The user still enters their response once, and then the reCaptcha request is sent once.
You did not answer the original question though, does the reCaptcha 'expire'?
Adrian Godong
Aug 7, 2013, 2:22:43 AM8/7/13
to reca...@googlegroups.com
I would assume the token will expire at one time, I'm not sure how far
in the future. If it doesn't expire, then this is a pretty obvious
security hole that should get patched quickly.
For your case, CAPTCHAs are not designed for web services. You're
trying to build an automated (or semi-automated) system that can fill
in a web form in place of a human. This is exactly the use case that
CAPTCHAs are trying to stop.
I don't understand why do you need to protect a web API against
non-human request? Web API is built to be called by a program.
--
Adrian Godong
adrian...@gmail.com
in the future. If it doesn't expire, then this is a pretty obvious
security hole that should get patched quickly.
For your case, CAPTCHAs are not designed for web services. You're
trying to build an automated (or semi-automated) system that can fill
in a web form in place of a human. This is exactly the use case that
CAPTCHAs are trying to stop.
I don't understand why do you need to protect a web API against
non-human request? Web API is built to be called by a program.
Adrian Godong
adrian...@gmail.com
reCAPTCHA Support
Aug 14, 2013, 5:36:49 PM8/14/13
to reCAPTCHA
Hi Ryk,
Yes, recaptchas do expire after a period of time. We don't support the use-case you mentioned above.
Thanks,
Colin Braley from the recaptcha team
reCAPTCHA: stop spam, read books
http://www.google.com/recaptcha
http://www.google.com/recaptcha
Reply all
Reply to author
Forward
0 new messages