Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5656

Add CAPTCHA to the password reset screen

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • Core features
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      A user contacted us complaining about the "thousands" of emails he had received from the Crowd "reset password" form.
      we checked the logs and found that 398 reset requests had been entered and generated emails in ~10 minutes.
      So we opened a ticket with our cyber security. Turns out it was their scanning of crowd that triggered it.
      So we pointed out spamming our users is bad form.
      While they will consider making an exception, they think the form "should be fixed". With a CAPTCHA or something.
      We explained that that is up to the vendor.
      Is adding CAPTCHA an option?

       

      We looked to adding it our self and realized it would take editing the form and the .pom file for Crowd.

      https://captcha.com/doc/java/howto/jsp-captcha-integration.html

      Attachments

        Activity

          People

            Unassigned Unassigned
            b40f9c207dc4 Gaven Ray
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: