Comments (3)
The tradeoff we are considering is: allowing the captcha provider to return a BLOB will simplify the interface, but the downside in security is uncertain.
One possible solution: the framework can let the Captcha provider return a list of images. If there is only one image in the list, then the framework can encode to PNG, else encode to GIF / APNG.
Going into details, the Captcha provider needs to return a list of (Image, Duration) tuples. The duration is the time in milliseconds that the frame should be visible. Further information could be added, such as a clear flag that will clear the accumulated frame before compositing the next frame.
from lc-core.
Security-wise, I think the risk is minimal. The browser is going to be the only consumer of the BLOB returned by the Captcha provider, and browsers already need to defend against malignant image payloads.
If, in the future, other consumers need to read the BLOB, then we can revisit this issue.
from lc-core.
closed via #12
from lc-core.
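One way a framework could check an opaque provider BLOB before handing it to the browser, as an added example that is not part of this thread or of lc-core's code. The names `classify_blob` and `sample_png`, the 1 MiB limit, and the sample images are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def classify_blob(blob: bytes, max_bytes: int = 1 << 20) -> str:
    """Return the Content-Type for a provider BLOB, or raise ValueError."""
    if len(blob) > max_bytes:  # hypothetical limit, tune per deployment
        raise ValueError("blob exceeds size limit")
    if blob[:6] in (b"GIF87a", b"GIF89a"):  # signature check only for GIF
        return "image/gif"
    if not blob.startswith(PNG_SIG):
        raise ValueError("not PNG, APNG or GIF")
    pos, animated, seen_idat = len(PNG_SIG), False, False
    # Walk the chunks: 4-byte length, 4-byte type, data, 4-byte CRC.
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):
            raise ValueError("truncated chunk")
        if struct.unpack(">I", blob[end - 4:end])[0] != zlib.crc32(blob[pos + 4:end - 4]):
            raise ValueError("bad chunk CRC")
        if pos == len(PNG_SIG) and ctype != b"IHDR":
            raise ValueError("first chunk is not IHDR")
        if ctype == b"acTL" and not seen_idat:  # APNG animation control chunk
            animated = True
        seen_idat = seen_idat or ctype == b"IDAT"
        if ctype == b"IEND":
            if end != len(blob):
                raise ValueError("trailing data after IEND")
            return "image/apng" if animated else "image/png"
        pos = end
    raise ValueError("missing IEND")

def _chunk(ctype: bytes, data: bytes) -> bytes:
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def sample_png(animated: bool = False) -> bytes:
    """Constructed 1x1 grayscale sample; the APNG variant carries only acTL."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    chunks = [_chunk(b"IHDR", ihdr)]
    if animated:
        chunks.append(_chunk(b"acTL", struct.pack(">II", 1, 0)))
    chunks += [_chunk(b"IDAT", zlib.compress(b"\x00\x00")), _chunk(b"IEND", b"")]
    return PNG_SIG + b"".join(chunks)
```

This checks container structure only; it does not decode pixel data, so the browser's own image decoder remains the final consumer, as the comment above assumes.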