Recipes by Category
App Distribution (2) Bundle logic, interface and services for distribution. App Logic (37) The Apex programming language, workflow and formulas for logic. Collaboration (6) The Salesforce Chatter collaboration platform. Database (29) Data persistence, reporting and analytics. Integration (33) Web Service APIs and toolkits for integration. Security (9) Platform, application and data security. Tools (4) Force.com tooling User Interface (36) Visualforce MVC and metadata-drive user interfaces. Web Sites (12) Public web sites and apps with optional user registration and login.
Beta Feedback
Cookbook Home » Protect Public Forms from Spammers by Adding CAPTCHAs
Subscribe to this recipe View source code

Protect Public Forms from Spammers by Adding CAPTCHAs

Post by ronhess.0  (2010-08-26)

Status: Verified
Level: novice

Practice Motivation

Ensure that public forms that capture information are protected from spammers by building a CAPTCHA into the form, which verifies that a human is entering the data.

Description

Bots and other spammer malware can spam public forms - for example, forms that you've built with Visualforce on Force.com Sites. As a result, you will be overwhelmed with bad data, and potentially a lot more - for example these attacks could cause a denial of service event.

Discussion

A CAPTCHA is a challenge-response test used in applications to determine whether a human or a computer is interacting with the application. You've probably seen them — colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from "bots," or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs.

To add CAPTCHA to your forms, follow the tutorial here.

References

Share

Recipe Activity - Please Log in to write a comment

I'm assuming it's the path to 'http://www.google.com/recaptcha/api/verify' that is the culprit. I searched the official captcha website to look for any url's, but didn't find any

by dmitchell06092011  (2012-01-24)

I have added the Controller class code to an existing contoller for my "sites" which allowed me to save, so I'm assuming the controller is good.  I have also pasted the code from the page sample, and that too saved, but when I view the page, the "submit" button appears to work, but no CAPTCHA image shows on the page.  As a goof, I submitted the form and received the message that my value didn't match [ Try Again! ] button then shows...  So it looks like the behavior is working, just no image for the user to have an opportunity to pass a matching variable...  Can you help!

Thanks!

by dmitchell06092011  (2012-01-24)

X

Vote to Verify a Recipe

Verifying a recipe is a way to give feedback to others and broaden your own understanding of the capabilities on Force.com. When you verify a recipe, please make sure the code runs, and the functionality solves the articulated problem as expected.

Please make sure:
  • All the necessary pieces are mentioned
  • You have tested the recipe in practice
  • Have sent any suggestions for improvements to the author

Please Log in to verify a recipe

You have voted to verify this recipe.