Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-5656

Add CAPTCHA to the password reset screen

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Gathering Interest (View Workflow)
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Core features
    • Labels:
      None
    • Feedback Policy:

      Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Description

      A user contacted us complaining about the "thousands" of emails he had received from the Crowd "reset password" form.
      we checked the logs and found that 398 reset requests had been entered and generated emails in ~10 minutes.
      So we opened a ticket with our cyber security. Turns out it was their scanning of crowd that triggered it.
      So we pointed out spamming our users is bad form.
      While they will consider making an exception, they think the form "should be fixed". With a CAPTCHA or something.
      We explained that that is up to the vendor.
      Is adding CAPTCHA an option?

       

      We looked to adding it our self and realized it would take editing the form and the .pom file for Crowd.

      https://captcha.com/doc/java/howto/jsp-captcha-integration.html

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            b40f9c207dc4 Gaven Ray
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: