November 26, 2006
I am planning to add CAPTCHA support to the blogging engine. For those who don’t know what CAPTCHA is, remember those web sites that ask you to enter the text displayed in a distorted image before submitting the page? That’s what CAPTCHA is. You can read more about it over here.
It is very easy to write code that would programmatically post hundreds of comments within a couple of seconds and bring your web site down. This has been the problem for many forums / blog sites, hence most blog sites do not allow anonymous comments anymore. Not many people know about my site and hence I don’t have that threat, but I want to implement a feature where you don’t have to leave the main page to add a comment or read existing comments. Having to navigate back and forth between pages breaks the reading experience.
In order to implement the ability to add / read comments from the main page, I will have to use AJAX. I plan to use web services that would add / retrieve comments. This website being open for anonymous users, anyone can add comments, which means that if someone gets the path to my web service (which is easy, just “view source” to get it) they can easily post thousands of comments through the web service as it would not be authenticated. The best protection against it is to add CAPTCHA support.
Here’s my plan:
Phase I: Add CAPTCHA support to the existing feedback page, see how it goes. I am in no hurry to get this done, will plan and get it out in the next couple of weeks. To create the CAPTCHA distorted images, I would be using the code from the DotNetNuke project instead of re-inventing the wheel.
Phase II: Once all hurdles from Phase I are overcome, add web services that would create / retrieve comments from the main page on the fly.
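An added example (not code from this blog or from DotNetNuke) of the check the Phase II web service needs: the CAPTCHA answer is verified inside the service itself, and each challenge expires and can be used only once, so a caller who skips the page and posts to the endpoint directly cannot reuse one solved image. The names `issue_challenge`, `add_comment`, `TTL_SECONDS` and the in-memory stores are hypothetical, and the logic is written in Python as a language-neutral sketch.

```python
import hmac
import secrets
import time

TTL_SECONDS = 300   # challenge lifetime (assumed value)
_pending = {}       # challenge_id -> (normalized answer bytes, expiry time)
comments = []       # stand-in for the blog's comment store


def _normalize(answer):
    # CAPTCHA text is compared case-insensitively, ignoring stray whitespace
    return answer.strip().lower().encode("utf-8")


def issue_challenge(answer, now=None):
    """Called when the distorted image is rendered; the returned id goes to the page."""
    now = time.time() if now is None else now
    challenge_id = secrets.token_urlsafe(16)   # unguessable, never derived from the answer
    _pending[challenge_id] = (_normalize(answer), now + TTL_SECONDS)
    return challenge_id


def add_comment(challenge_id, answer, text, now=None):
    """Web service entry point: the CAPTCHA is enforced here, not in page script."""
    now = time.time() if now is None else now
    # pop() consumes the challenge whether the answer is right or wrong,
    # so one solved image cannot be replayed and wrong guesses cannot be retried
    entry = _pending.pop(challenge_id, None)
    if entry is None:
        return "rejected: unknown or already used challenge"
    expected, expires_at = entry
    if now > expires_at:
        return "rejected: challenge expired"
    if not hmac.compare_digest(expected, _normalize(answer)):
        return "rejected: wrong answer"
    comments.append(text)
    return "accepted"


if __name__ == "__main__":
    cid = issue_challenge("X7kQ9")                  # constructed sample answer
    print(add_comment(cid, "x7kq9", "Nice post"))   # first use of the challenge
    print(add_comment(cid, "x7kq9", "Nice post"))   # replay of the same challenge
```
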