You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@flex.apache.org by mo...@comcast.net on 2013/09/25 01:42:40 UTC
Is Captcha needed in Flex application?
Just curious on the conventional wisdom whether Captcha is required in Flex desktop web applications, or if something inherent in Flex/Flash plug-in means that bots in the web cannot auto-complete user login forms (e.g. username and password) or other forms. I haven't really seen too much for Captcha type components in Flex (is it unnecessary)?
Currently my user login requests an email and password, and for new accounts, requires the user to click on a link to validate his or her email address before registering that user as a valid person. Is that sufficient?
Re: Is Captcha needed in Flex application?
Posted by Tom Chiverton <tc...@extravision.com>.
On 25/09/2013 00:42, modjklist@comcast.net wrote:
> Just curious on the conventional wisdom whether Captcha is required in Flex desktop web applications,
It stops scripts hitting your backend API directly, at the very least...
Tom
Re: Is Captcha needed in Flex application?
Posted by Stephen C <st...@stephenjc.com>.
Cross domain is not an issue, we run it from a server. It automates
Firefox.
If you need to protect from this I always ask my self. What benefit does
someone have to make a fake account. Most of my systems there is no point.
The only system I use a capcha is my ticket system.
On Sep 24, 2013 11:30 PM, "Alex Harui" <ah...@adobe.com> wrote:
>
>
> On 9/24/13 6:00 PM, "modjklist@comcast.net" <mo...@comcast.net> wrote:
>
> >Thanks Stephen for your comments. If it is a valid concern, how do people
> >address it? Do people implement Captcha type components into their login
> >forms, or something else? Anything available for this or do I need to
> >create something myself?
> I am not an expert in this area, but in theory, Flash cannot be scripted
> from another domain unless you allow it or the customer allows it.
> Automated testing drives Flash because someone gives it permission or it
> lives on the same domain.
>
> The same-domain is important because if you host this app on YouTube,
> FaceBook or other places where other people host stuff, you do get exposed
> to cross-site scripting.
>
> I don't know how the spambots work. If they sniff HTML to find form
> fields and fill them out, they won't be able to do that on Flash as easily
> if at all.
>
> -Alex
>
> >
> >
> >----- Original Message -----
> >From: "Stephen C" <st...@stephenjc.com>
> >To: users@flex.apache.org
> >Sent: Tuesday, September 24, 2013 5:29:47 PM
> >Subject: Re: Is Captcha needed in Flex application?
> >
> >Kidna, there is a video of someone automating Gmail with it. But, there
> >are
> >plenty of mail libraries for scripting languages to automate the email.
> >On Sep 24, 2013 8:21 PM, <mo...@comcast.net> wrote:
> >
> >> can it click on an auto-generated email link to complete the new user
> >> registration process, for example?
> >>
> >> ----- Original Message -----
> >> From: stephen@mymessage.us
> >> To: users@flex.apache.org
> >> Sent: Tuesday, September 24, 2013 4:56:28 PM
> >> Subject: Re: Is Captcha needed in Flex application?
> >>
> >> With sikuli you can automate flash, we use it for testing. I don't see
> >>why
> >> it cannot be used maliciously
> >>
> >>
> >>
> >>
> >> Sent from Windows Mail
> >>
> >>
> >>
> >> From: modjklist@comcast.net
> >> Sent: Tuesday, September 24, 2013 7:42 PM
> >> To: users@flex.apache.org
> >>
> >> Just curious on the conventional wisdom whether Captcha is required in
> >> Flex desktop web applications, or if something inherent in Flex/Flash
> >> plug-in means that bots in the web cannot auto-complete user login
> >>forms
> >> (e.g. username and password) or other forms. I haven't really seen too
> >>much
> >> for Captcha type components in Flex (is it unnecessary)?
> >>
> >>
> >> Currently my user login requests an email and password, and for new
> >> accounts, requires the user to click on a link to validate his or her
> >>email
> >> address before registering that user as a valid person. Is that
> >>sufficient?
>
>
Re: Is Captcha needed in Flex application?
Posted by Alex Harui <ah...@adobe.com>.
On 9/24/13 6:00 PM, "modjklist@comcast.net" <mo...@comcast.net> wrote:
>Thanks Stephen for your comments. If it is a valid concern, how do people
>address it? Do people implement Captcha type components into their login
>forms, or something else? Anything available for this or do I need to
>create something myself?
I am not an expert in this area, but in theory, Flash cannot be scripted
from another domain unless you allow it or the customer allows it.
Automated testing drives Flash because someone gives it permission or it
lives on the same domain.
The same-domain is important because if you host this app on YouTube,
FaceBook or other places where other people host stuff, you do get exposed
to cross-site scripting.
I don't know how the spambots work. If they sniff HTML to find form
fields and fill them out, they won't be able to do that on Flash as easily
if at all.
-Alex
>
>
>----- Original Message -----
>From: "Stephen C" <st...@stephenjc.com>
>To: users@flex.apache.org
>Sent: Tuesday, September 24, 2013 5:29:47 PM
>Subject: Re: Is Captcha needed in Flex application?
>
>Kidna, there is a video of someone automating Gmail with it. But, there
>are
>plenty of mail libraries for scripting languages to automate the email.
>On Sep 24, 2013 8:21 PM, <mo...@comcast.net> wrote:
>
>> can it click on an auto-generated email link to complete the new user
>> registration process, for example?
>>
>> ----- Original Message -----
>> From: stephen@mymessage.us
>> To: users@flex.apache.org
>> Sent: Tuesday, September 24, 2013 4:56:28 PM
>> Subject: Re: Is Captcha needed in Flex application?
>>
>> With sikuli you can automate flash, we use it for testing. I don't see
>>why
>> it cannot be used maliciously
>>
>>
>>
>>
>> Sent from Windows Mail
>>
>>
>>
>> From: modjklist@comcast.net
>> Sent: Tuesday, September 24, 2013 7:42 PM
>> To: users@flex.apache.org
>>
>> Just curious on the conventional wisdom whether Captcha is required in
>> Flex desktop web applications, or if something inherent in Flex/Flash
>> plug-in means that bots in the web cannot auto-complete user login
>>forms
>> (e.g. username and password) or other forms. I haven't really seen too
>>much
>> for Captcha type components in Flex (is it unnecessary)?
>>
>>
>> Currently my user login requests an email and password, and for new
>> accounts, requires the user to click on a link to validate his or her
>>email
>> address before registering that user as a valid person. Is that
>>sufficient?
Re: Is Captcha needed in Flex application?
Posted by mo...@comcast.net.
Thanks Stephen for your comments. If it is a valid concern, how do people address it? Do people implement Captcha type components into their login forms, or something else? Anything available for this or do I need to create something myself?
----- Original Message -----
From: "Stephen C" <st...@stephenjc.com>
To: users@flex.apache.org
Sent: Tuesday, September 24, 2013 5:29:47 PM
Subject: Re: Is Captcha needed in Flex application?
Kidna, there is a video of someone automating Gmail with it. But, there are
plenty of mail libraries for scripting languages to automate the email.
On Sep 24, 2013 8:21 PM, <mo...@comcast.net> wrote:
> can it click on an auto-generated email link to complete the new user
> registration process, for example?
>
> ----- Original Message -----
> From: stephen@mymessage.us
> To: users@flex.apache.org
> Sent: Tuesday, September 24, 2013 4:56:28 PM
> Subject: Re: Is Captcha needed in Flex application?
>
> With sikuli you can automate flash, we use it for testing. I don't see why
> it cannot be used maliciously
>
>
>
>
> Sent from Windows Mail
>
>
>
> From: modjklist@comcast.net
> Sent: Tuesday, September 24, 2013 7:42 PM
> To: users@flex.apache.org
>
> Just curious on the conventional wisdom whether Captcha is required in
> Flex desktop web applications, or if something inherent in Flex/Flash
> plug-in means that bots in the web cannot auto-complete user login forms
> (e.g. username and password) or other forms. I haven't really seen too much
> for Captcha type components in Flex (is it unnecessary)?
>
>
> Currently my user login requests an email and password, and for new
> accounts, requires the user to click on a link to validate his or her email
> address before registering that user as a valid person. Is that sufficient?
Re: Is Captcha needed in Flex application?
Posted by Stephen C <st...@stephenjc.com>.
Kidna, there is a video of someone automating Gmail with it. But, there are
plenty of mail libraries for scripting languages to automate the email.
On Sep 24, 2013 8:21 PM, <mo...@comcast.net> wrote:
> can it click on an auto-generated email link to complete the new user
> registration process, for example?
>
> ----- Original Message -----
> From: stephen@mymessage.us
> To: users@flex.apache.org
> Sent: Tuesday, September 24, 2013 4:56:28 PM
> Subject: Re: Is Captcha needed in Flex application?
>
> With sikuli you can automate flash, we use it for testing. I don't see why
> it cannot be used maliciously
>
>
>
>
> Sent from Windows Mail
>
>
>
> From: modjklist@comcast.net
> Sent: Tuesday, September 24, 2013 7:42 PM
> To: users@flex.apache.org
>
> Just curious on the conventional wisdom whether Captcha is required in
> Flex desktop web applications, or if something inherent in Flex/Flash
> plug-in means that bots in the web cannot auto-complete user login forms
> (e.g. username and password) or other forms. I haven't really seen too much
> for Captcha type components in Flex (is it unnecessary)?
>
>
> Currently my user login requests an email and password, and for new
> accounts, requires the user to click on a link to validate his or her email
> address before registering that user as a valid person. Is that sufficient?
Re: Is Captcha needed in Flex application?
Posted by mo...@comcast.net.
can it click on an auto-generated email link to complete the new user registration process, for example?
----- Original Message -----
From: stephen@mymessage.us
To: users@flex.apache.org
Sent: Tuesday, September 24, 2013 4:56:28 PM
Subject: Re: Is Captcha needed in Flex application?
With sikuli you can automate flash, we use it for testing. I don't see why it cannot be used maliciously
Sent from Windows Mail
From: modjklist@comcast.net
Sent: Tuesday, September 24, 2013 7:42 PM
To: users@flex.apache.org
Just curious on the conventional wisdom whether Captcha is required in Flex desktop web applications, or if something inherent in Flex/Flash plug-in means that bots in the web cannot auto-complete user login forms (e.g. username and password) or other forms. I haven't really seen too much for Captcha type components in Flex (is it unnecessary)?
Currently my user login requests an email and password, and for new accounts, requires the user to click on a link to validate his or her email address before registering that user as a valid person. Is that sufficient?
Re: Is Captcha needed in Flex application?
Posted by st...@mymessage.us.
With sikuli you can automate flash, we use it for testing. I don't see why it cannot be used maliciously
Sent from Windows Mail
From: modjklist@comcast.net
Sent: Tuesday, September 24, 2013 7:42 PM
To: users@flex.apache.org
Just curious on the conventional wisdom whether Captcha is required in Flex desktop web applications, or if something inherent in Flex/Flash plug-in means that bots in the web cannot auto-complete user login forms (e.g. username and password) or other forms. I haven't really seen too much for Captcha type components in Flex (is it unnecessary)?
Currently my user login requests an email and password, and for new accounts, requires the user to click on a link to validate his or her email address before registering that user as a valid person. Is that sufficient?