Add Captcha #12

@cblanquera

Describe the feature you'd like to request

Forms available for guests are prone to brute-force and DoS attacks. I want to have captcha as part of the toolkit.

Describe the solution you'd like

Ability to enable captcha on signup and/or signin forms. Ability to add captcha on any other forms.

Describe alternatives you've considered

I'd probably be open to mCaptcha since it's a free open source project. All the other alternatives have a pricing tier.


1. FriendlyCaptcha (Self-Hosted)

  • License: AGPL-3.0
  • How it works: Cryptographic puzzle solved silently in the background (no user interaction).
  • Pros:
    • Fully privacy-preserving.
    • Invisible to users.
    • Modern and secure.
  • Cons:
    • Adds some CPU load on the server for puzzle validation.

2. mCaptcha

  • License: AGPL-3.0
  • How it works: Traditional distorted text CAPTCHA.
  • Pros:
    • Fully open source and self-hostable.
    • Simple and effective.
    • Designed to resist automation.
  • Cons:
    • Not very accessible (e.g., for visually impaired users).
    • Less polished UI compared to commercial services.

3. hCaptcha

  • License: Not open source, but free to use for most websites.
  • How it works: Image-based challenges (similar to reCAPTCHA).
  • Pros:
    • Drop-in replacement for Google reCAPTCHA.
    • Strong focus on privacy and GDPR compliance.
    • Offers invisible and traditional checkbox modes.
  • Cons:
    • UI and backend are not open source.
    • Free tier may show monetized content (ads).

4. OpenCaptcha (Legacy)

  • License: GPL (no longer actively maintained)
  • How it works: Classic distorted text image CAPTCHA.
  • Pros:
    • Very lightweight.
    • Easy to deploy.
  • Cons:
    • Outdated.
    • Not resilient to modern bots.
    • No recent development.

5. DIY Captcha (Custom Implementation)

  • Examples:
    • Simple math puzzles (e.g., “What is 3 + 4?”).
    • Image recognition with locally stored assets.
    • CSS honeypots (invisible fields to trap bots).
  • Pros:
    • Full control.
    • Minimal/no dependencies.
  • Cons:
    • Easy to get wrong and may be vulnerable.
    • Not recommended unless you know what you're doing.

Summary Table

| Use Case | Recommended CAPTCHA |
| --- | --- |
| Modern, private, open source | FriendlyCaptcha, mCaptcha |
| reCAPTCHA alternative (free) | hCaptcha |
| Lightweight and legacy | OpenCaptcha |
| Custom/embedded logic | DIY (math + honeypot) |
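
The background "cryptographic puzzle" approach listed in the issue, shown as a generic hashcash-style proof of work. This is an added example, not part of the issue and not code from FriendlyCaptcha, mCaptcha or this project; the function names, the 16-bit difficulty, the 120-second lifetime and the in-memory replay set are assumptions.

```python
import hashlib, hmac, os, time

SECRET = os.urandom(32)   # server-side signing key, generated per process for this demo
DIFFICULTY_BITS = 16      # assumed difficulty: about 65k hashes on average per form post
TTL_SECONDS = 120         # assumed challenge lifetime
_used = set()             # spent nonces; a real deployment needs a shared store with expiry

def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def _leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def issue_challenge(now=None) -> str:
    """Return 'nonce.expiry.bits.mac'; the server stores nothing until redemption."""
    now = time.time() if now is None else now
    payload = f"{os.urandom(16).hex()}.{int(now) + TTL_SECONDS}.{DIFFICULTY_BITS}"
    return f"{payload}.{_sign(payload)}"

def solve(challenge: str) -> int:
    """What a client-side widget does: search for a counter that meets the difficulty."""
    bits = int(challenge.split(".")[2])
    counter = 0
    while _leading_zero_bits(hashlib.sha256(f"{challenge}:{counter}".encode()).digest()) < bits:
        counter += 1
    return counter

def verify(challenge: str, counter, now=None) -> bool:
    """One HMAC and one hash per submission: cheap to check, costly to produce in bulk."""
    now = time.time() if now is None else now
    try:
        nonce, expiry, bits, mac = challenge.split(".")
        payload = f"{nonce}.{expiry}.{bits}"
        # Authenticate the fields before trusting them (blocks forged or lowered difficulty).
        if not hmac.compare_digest(mac, _sign(payload)):
            return False
        if now > int(expiry) or nonce in _used:
            return False  # expired, or a solution being replayed
        digest = hashlib.sha256(f"{challenge}:{int(counter)}".encode()).digest()
        if _leading_zero_bits(digest) < int(bits):
            return False
    except (ValueError, TypeError, AttributeError):
        return False      # malformed submission
    _used.add(nonce)      # single use: the same solution cannot cover a second request
    return True
```

Signing the expiry and difficulty into the challenge keeps issuance stateless, so requesting challenges in bulk does not consume server memory; only redeemed nonces are stored.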

Metadata

  • Assignees: No one assigned
  • Labels: enhancement (New feature or request)
  • Status: Todo