Wednesday, March 10, 2010

Using Captcha with Google App Engine

When developing a new registration form for a web application, developers want to include a captcha to reduce the chance of accounts being registered by spammers. A captcha presents text in a visually or audibly obscured form that is meant to be deciphered only by humans. A spammer would have to write a heuristic program to defeat the captcha.

There are many open-source and freeware utilities available for generating captchas.

At Cloudglow, we evaluated the following for one of our GAE applications:

1. JCAPTCHA (available for download at http://jcaptcha.sourceforge.net/)
Most of the links provided on this site were not working at the time of our evaluation. We were reluctant to test something whose site did not have its main links working. We will get back to it when the site is back in operation.

2. SimpleCaptcha (available for download at http://simplecaptcha.sourceforge.net/)
SimpleCaptcha is a very simple and powerful utility to generate captchas. We followed SimpleCaptcha's installation and test instructions (available at http://simplecaptcha.sourceforge.net/installing.html) and tried it first on a Mac, using Eclipse as the IDE, and it worked in the GAE development environment. However, when we tested the same on Windows, it immediately returned an error saying that the java.awt.image.BufferedImage class is not supported. Since this class is not on GAE's whitelist, using it is not recommended. Please track the following issue on the GAE forum for the latest updates: http://code.google.com/p/googleappengine/issues/detail?id=1423. We have not filed a bug, since Google is not responsible for supporting a class that GAE has not whitelisted. We can expect an enhancement from Google sometime in the future. We did find differences between the Mac and Windows versions of Google's GAE development server in how they complain about classes that are not on the GAE whitelist. We are working to file a bug on that.

3. ICAPTCHA (available for download at http://code.google.com/p/icaptcha/)
ICAPTCHA uses I/O streaming, which is again not among GAE's whitelisted classes. Hence there was no point in going any further.

4. RECAPTCHA (available for download at http://recaptcha.net/)
Recaptcha is another free and popular captcha service. Using it would add a dependency on their service, which we do not want. You can refer to http://gaejexperiments.wordpress.com/2010/02/22/episode-15-using-a-captcha-in-your-google-app-engine-application/ for details.

In summary, we are back to the drawing board and may end up doing a simple mathematical captcha. We think that is good enough for now.
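A mathematical captcha needs no image classes, but on GAE the request that checks the answer may reach a different instance than the one that issued the question. The sketch below is an added example, not Cloudglow's code: it keeps no server-side session and instead gives the client a token carrying an expiry, a nonce and an HMAC over both plus the correct sum. The class name, the 5-minute lifetime and the placeholder key are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/** Stateless arithmetic captcha: any instance holding KEY can verify a challenge issued by another. */
public class MathCaptcha {
    // Assumption: a server-side secret shared by all instances (placeholder, load the real one from config).
    private static final byte[] KEY = "replace-with-random-32-byte-secret".getBytes(StandardCharsets.UTF_8);
    private static final long TTL_MS = 5 * 60 * 1000;
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns {question, token}; the token goes into a hidden form field or a cookie. */
    public static String[] issue(long nowMs) throws Exception {
        int a = 1 + RNG.nextInt(9), b = 1 + RNG.nextInt(9);
        String prefix = (nowMs + TTL_MS) + "." + Long.toHexString(RNG.nextLong());
        // The correct sum is covered by the MAC but is never sent to the client.
        return new String[] { "What is " + a + " + " + b + "?", prefix + "." + mac(prefix + "." + (a + b)) };
    }

    /** True only if the token is unexpired, untampered, and the submitted answer is the signed sum. */
    public static boolean verify(String token, String answer, long nowMs) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.");
        if (p.length != 3 || answer == null || !answer.trim().matches("\\d{1,2}")) return false;
        long expiry;
        try { expiry = Long.parseLong(p[0]); } catch (NumberFormatException e) { return false; }
        if (nowMs > expiry) return false;
        String expected = mac(p[0] + "." + p[1] + "." + Integer.parseInt(answer.trim()));
        // Constant-time comparison of the recomputed MAC with the one in the token.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), p[2].getBytes(StandardCharsets.UTF_8));
    }

    private static String mac(String data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(m.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String[] c = issue(now);
        int accepted = 0;
        // Self-check: only one of the 17 possible sums verifies against the token.
        for (int sum = 2; sum <= 18; sum++) if (verify(c[1], String.valueOf(sum), now)) accepted++;
        System.out.println(c[0] + " sums accepted: " + accepted);
        System.out.println("accepted after expiry: " + verify(c[1], "10", now + TTL_MS + 1));
    }
}
```

Because the token is stateless, it stays valid for repeated submissions until it expires; recording each used nonce in a store shared by all instances (for example memcache or the datastore) makes it single-use.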

4 comments:

  1. Just wondering how captcha will work on GAE, when GAE says that it is not guaranteed that the second request will be served by the same server/JVM?
  2. Captcha does not require that the same server generate the image and check the code, because the code can be sent and returned encrypted in a cookie.
  3. @ C.Chaturvedi
    I don't think GAE has captcha support inbuilt yet. One way to do this is using a third party captcha service such as RECaptcha as mentioned in the post. Here is a link for your reference:
    http://gaejexperiments.wordpress.com/2010/02/22/episode-15-using-a-captcha-in-your-google-app-engine-application/
  4. I would like to thank you for the efforts you have made in writing this article. anti captcha key