Using Captcha with Google App Engine

While developing a new registration form for web application, developers want to include captcha to reduce the possibility of accounts being signed up by spammers. Captcha is a visual / audible form of text encryption which is meant to be deciphered only by humans. A spammer would have to write a heuristic program to hack the captcha.

There are many open sourced / freeware utilities available for generating Captchas.

At Cloudglow, we evaluated the following for one of our GAE application:

1. JCAPTCHA (available for download at http://jcaptcha.sourceforge.net/)
Most of the links provided on this site were not working at the time of our evaluation. We were too reluctant to test something which didn't have main links on this site working. We will get back to it sometime when the site is back in operation.

2. SimpleCaptcha (available for download at http://simplecaptcha.sourceforge.net/)
Simple captcha is a very simple and powerful utility to generate captchas. We followed SimpleCpatcha's installation and test instructions ( available at http://simplecaptcha.sourceforge.net/installing.html) and tried it first on Mac. All this was done using eclipse as IDE and it worked in GAE development environment. However when we tested the same on Windows, it immediately returned an error for java.awt.image.BufferedImage class being not supported. Since it is not on GAE's whitelist, it is not recommended to use this class. Please track the following on GAE forum for the latest updates:http://code.google.com/p/googleappengine/issues/detail?id=1423. We have not filed a bug since if a class is not white-listed by GAE, Google is not responsible for support. We can expect enhancement from google sometime later in future. We did find differences in Google's Mac GAE development server version and Windows version when it comes to complaining about classes that are not in the GAE whitelist. We are working to file a bug on that.

3. ICPATCHA (available for download at http://code.google.com/p/icaptcha/)
ICAPTCHA uses I/OStreaming which is again not listed on GAE's whitelisted classes. Hence there was no point going any further.

4. RECAPTCHA (available for download at http://recaptcha.net/)
Recaptcha is another free and popular captcha service. This will add a dependency on their service which we do not want to have. You can refer to http://gaejexperiments.wordpress.com/2010/02/22/episode-15-using-a-captcha-in-your-google-app-engine-application/ for details.

In summary, we are back to the drawing table and may end up doing a simple mathematical captcha. Guess it is good enough for now.

Making GWT RPC endpoint independent of GWT Module path

The default GWT RPC service (Servlet) endpoint is @RemoteServiceRelativePath("some_name"), which resolves to /module_base/some_name at runtime on the client. The issue with this approach is that your RPC endpoint is now tied to GWT Module. While this may be fine for some cases, it was not for our situation. Hence this post.

We ended up creating a RPC services factory class that would create a static instance of the service endpoint and also seed it with the right endpoint; something like this:

public class ServicesFactory

{

public static final RPCServiceAsync RPCService = GWT.create(RPCService.class);

static

{

((ServiceDefTarget) RPCService).setServiceEntryPoint(GWT.getHostPageBaseURL() + RPCService.END_POINT);

}

}

Note that END_POINT is defined in the service interface itself.