如何在同一页面实现两个验证码
我们如何在同一页面上实现两个验证码用户控件。
问题:
我们有两种观点,一种是通过发送电子邮件向朋友介绍该网站,另一种是编写任何注释。告诉朋友部分是隐藏的,通过ajax发送电子邮件,注释作者部分是可见的,所以当我们需要两者但以不同的方式时,它会产生问题。
How we can implement Two recaptcha user control on the same page.
Problem :
we have two views one for tell a friend about the site by sending e-mail and another authoring any note. the tell a friend part is hidden which send e-mail through ajax and note author part is visible so it is making problem when we need both but in different way.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
重构以避免可用性问题
这似乎不合理,我建议不惜一切代价避免这种情况,因为如果您确实需要其中两个,您就会遇到严重的可用性问题。无论如何,为什么你需要两个验证码?验证码背后的主要思想是,它确保是人而不是计算机在表单中输入数据。
因此,如果页面上有一个验证码,您就可以放心。因此,如果第一个数据是由一个人填写的,那么所有其他数据也是如此,您不需要第二个数据。
但我可以看到一种场景,可以使用两个验证码。这时页面上就会有两个
。第二个验证码是您要避免的验证码。如果您向我们提供更多有关您的业务问题的详细信息,我们可以为您提供更好的答案。
既然您描述了实际的业务问题,
我建议您看一下 蜜罐技巧,这种场景更常用。因为如果您在网站上使用太多验证码,人们会感到恼火。这是一项乏味的工作,这是肯定的。蜜罐技巧可以帮助您避免这些不必要的数据输入。
另一个问题当然是:您的用户在执行这些操作时是否已登录?尤其是编辑那一关。如果是的话,您可以更好地缓解这个问题。您可以设置每个用户发送消息的时间限制。就像每分钟几个。这就是一个人会做的事情。当然,存储有关发送这些电子邮件的信息,这样您仍然可以保留用户所做操作的历史跟踪,以便您可以禁用被滥用的帐户。但是,当用户登录时,他们通常不必输入验证码,因为他们已经在身份验证阶段识别了自己的身份。
最终的问题当然是:为什么机器人会向朋友发送电子邮件?他们将无法发送任何类型的垃圾邮件,不是吗?那还有什么意义呢?如果机器人能够向用户发送垃圾邮件,那么它们更有可能滥用您的系统。通过发送包含内容的电子邮件或在您的网站上留下垃圾评论。这些表格需要进行机器人检查。
Refactor to avoid usability issue
This doesn't seem reasonable and I would suggest to avoid this at all costs, because you have a serious usability issue if you do need two of them. Why would you need two captchas anyway? The main idea behind a captcha is that it assures that there was a person entering data in the form and not a computer.
So if there's one captcha on the page, you're assured. So if the first one was filled by a person, all other data is as well and you don't need a second one.
But I can see one scenario where two captchas could come into place. And that's when you'd have two
<form>elements on the page. So a user can either submit one or the other. In this case user will always submit data from just one form and not both. So you could avoid this as well by either:The second one is the one you'd want to avoid. If you give us more details what your business problem is, we could give you a much better answer.
Alternatives
Since you described your actual business problem I suggest you take a look at the honey pot trick, that is more frequently used for this kind of scenarios. Because if you used too many captchas on your site, people would get annoyed. They are tedious work, that's for sure. Honey pot trick may help you avoid these unnecessary data entering.
The other question is of course: Are your users logged in when they have these actions available? Especially the editing one. If they are, you can better mitigate this problem. You could set a time limit per user for sending out messages. Like few per minute. That's what a person would do. And of course store the information about sending out these emails, so you can still keep historical track of what users did so you can disable accounts of this gets abused. But when users are logged in they normally don't have to enter captchas since they've already identified themselves during authentication phase.
The ultimate question is of course: Why would a bot send out emails to friends? they wouldn't be able to send any kind of spam would they? What's the point then? It's more likely that bots will abuse your system if they can spam users anyhow. Either by sending email with content or leaving spam comments on your site. These forms need to be bot checked.