I’m using the devise authentication plugin under rails 3. At the moment, I have disabled the email confirmation, so that sign up is really easy and fast.
I’m wondering if some kind of captcha is necessary to protect the site against bots. I would like to avoid having my database filled with fake users, although this couldn’t do much harm to the system (except filling up the disks!).
If a captcha is strongly recommended, is it also true if sign in/up is restricted to HTTPS? Do bots use HTTPS?
I think it’s a necessary evil. Wish we didn’t have to use it, but we don’t live in an ideal world. Image twirly captcha is definitely not aesthetically nice and should really be avoided.
I think you need to be flexible about captcha and the kind of captcha you use. The strategy will and should evolve.
Initially, when you don’t have many users, you may avoid captcha altogether. Once things start picking up steam and you start seeing bots in the system, go for invisible captcha (or reverse captcha). Reverse captcha basically relies on a certain field NOT being filled by humans to identify humans: put a field which humans can’t see on the form by making it invisible using CSS; bots will find that field and fill it, and if the field comes filled you know it’s not a human (a honeypot field, if you will).
Eventually, when your site becomes really popular and a target for bots, you’ll go for harder captcha which won’t be easy to break, but users might overlook it in order to sign up to your very-very-popular site.
So start with no captcha and then evolve.
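The honeypot ("reverse captcha") field the answer above describes, written out as an added example in Ruby; it is not code from the original post, from Devise or from Rails. The decoy field name `website_url`, the CSS class `hp`, the `RegistrationsController` name and `root_path` are assumptions chosen for illustration. The check itself is plain Ruby and runs stand-alone; the Devise wiring is only defined when Devise is loaded.

```ruby
# Honeypot check for a sign-up form: a decoy input hidden from humans with CSS.
# Added example, not from the original post, Devise or Rails.
# Hypothetical names: decoy field "website_url", CSS class "hp" (display:none).
# The decoy is hidden with CSS rather than type="hidden" because form-filling
# bots commonly skip real hidden inputs but fill anything that looks like a
# normal text field.

module Honeypot
  FIELD = "website_url".freeze # hypothetical; pick something a bot would want to fill

  # Markup for the decoy. tabindex=-1 and autocomplete=off keep keyboard users and
  # browser autofill away from it; the .hp class is display:none in the stylesheet.
  def self.field_html
    %(<div class="hp" aria-hidden="true">) +
      %(<label for="#{FIELD}">Leave this field empty</label>) +
      %(<input type="text" name="user[#{FIELD}]" id="#{FIELD}" tabindex="-1" autocomplete="off">) +
      %(</div>)
  end

  # The decoy is expected to arrive empty (or not at all). A non-blank value means
  # something filled in a field no human could see. A missing key is NOT treated
  # as a bot: a client that strips unknown fields must still be able to sign up.
  def self.bot?(params)
    user = params["user"] || params[:user] || {}
    value = user[FIELD] || user[FIELD.to_sym]
    !value.to_s.strip.empty?
  end

  # Remove the decoy before the params reach the model, so mass assignment
  # never sees an attribute the User model does not have. Returns the params.
  def self.strip_decoy!(params)
    user = params["user"] || params[:user]
    if user
      user.delete(FIELD)
      user.delete(FIELD.to_sym)
    end
    params
  end
end

# Wiring into Devise (Rails 3 style): subclass the registrations controller and
# drop bot submissions before Devise creates the record. Defined only when
# Devise is loaded so this file also runs stand-alone.
if defined?(Devise::RegistrationsController)
  class RegistrationsController < Devise::RegistrationsController
    def create
      if Honeypot.bot?(params)
        # Answer as if it worked so the bot learns nothing; nothing is saved.
        redirect_to root_path and return
      end
      Honeypot.strip_decoy!(params)
      super
    end
  end
  # config/routes.rb (assumed):
  #   devise_for :users, :controllers => { :registrations => "registrations" }
end
```

In the sign-up view the decoy goes inside the Devise form via `Honeypot.field_html` (marked `html_safe` in an ERB template), and the stylesheet hides `.hp`. Responding with a normal redirect rather than an error keeps the bot from learning which field tripped the check.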