Captchas in Java

From OWASP

Overview

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". A CAPTCHA typically takes the form of an image containing distorted letters and/or numbers and is often used on web sites where it is important to determine whether the user is a real person or a computer program. CAPTCHAs have some drawbacks, such as the lack of accessibility for the visually impaired, high CPU usage, and possible circumvention techniques. In many cases, however, CAPTCHAs can help mitigate certain types of attacks launched by malicious individuals using automated tools. At a minimum they can raise the bar enough to deter a casual attacker.

JCaptcha

JCaptcha is a Java implementation of CAPTCHA technology developed by Marc Antoine Garrigue and released as open source. JCaptcha provides Java programmers with a framework and toolset for deploying CAPTCHAs in their web applications. You can download the full package, which includes JARs, API documentation, and source code, from SourceForge. The latest release of JCaptcha (1.0) is available under the GNU General Public License, but later releases will be under the LGPL.

Examples

SimpleCaptcha

SimpleCaptcha is another framework that provides Java programmers with the ability to easily add a CAPTCHA to their web applications. A number of default CAPTCHA servlets are provided, including a Chinese version. The visual representation of the CAPTCHA text can be altered using a number of filtering methods, but SimpleCaptcha does not provide an audio CAPTCHA, which limits its accessibility for the visually impaired.

Examples

reCAPTCHA

reCAPTCHA is a CAPTCHA web service that provides a visual and an audio CAPTCHA. The visual CAPTCHAs generated by reCAPTCHA cannot be customized, but are derived from text in scanned books that have already failed to be recognized by OCR technology. A number of plugins for different programming languages have been developed, including a Java plugin, but it is fairly straightforward to develop your own plugin. One of the major downsides of using a web service such as reCAPTCHA is that the service might go down while your application is still running. In the case of failure, your application will either need to fail open (let the request through without a CAPTCHA check) or fail closed (reject the request until the service is back).
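
The fail-open versus fail-closed decision described above can be made explicit in code. The following is an added example, not part of the original page or of any reCAPTCHA plugin; `CaptchaGate`, `RemoteVerifier`, `OutagePolicy` and the 500 ms timeout are hypothetical names and values, and the remote call is a stand-in for whatever client your application uses.

```java
import java.util.concurrent.*;

public class CaptchaGate {
    enum OutagePolicy { FAIL_OPEN, FAIL_CLOSED }
    // Outage outcomes are distinct from PASSED/REJECTED so callers can log and alert on them.
    enum Result { PASSED, REJECTED, ALLOWED_DURING_OUTAGE, DENIED_DURING_OUTAGE }

    /** Hypothetical stand-in for the call to the remote CAPTCHA service. */
    interface RemoteVerifier { boolean verify(String userResponse) throws Exception; }

    private final RemoteVerifier verifier;
    private final OutagePolicy policy;
    private final long timeoutMs;
    private final ExecutorService pool = Executors.newCachedThreadPool(r -> {
        Thread t = new Thread(r);
        t.setDaemon(true);              // do not keep the JVM alive for a hung call
        return t;
    });

    CaptchaGate(RemoteVerifier verifier, OutagePolicy policy, long timeoutMs) {
        this.verifier = verifier; this.policy = policy; this.timeoutMs = timeoutMs;
    }

    Result check(String userResponse) {
        Future<Boolean> call = pool.submit(() -> verifier.verify(userResponse));
        try {
            // A definite answer from the service is always honoured.
            return call.get(timeoutMs, TimeUnit.MILLISECONDS) ? Result.PASSED : Result.REJECTED;
        } catch (TimeoutException | ExecutionException e) {
            call.cancel(true);          // service slow or unreachable: apply the policy
            return policy == OutagePolicy.FAIL_OPEN
                    ? Result.ALLOWED_DURING_OUTAGE : Result.DENIED_DURING_OUTAGE;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return Result.DENIED_DURING_OUTAGE;
        }
    }

    public static void main(String[] args) {
        // Constructed verifiers simulating a healthy, a failing and a hung service.
        RemoteVerifier up = r -> "correct".equals(r);
        RemoteVerifier down = r -> { throw new java.io.IOException("constructed outage"); };
        RemoteVerifier hung = r -> { Thread.sleep(5_000); return true; };

        System.out.println(new CaptchaGate(up, OutagePolicy.FAIL_CLOSED, 500).check("correct"));
        System.out.println(new CaptchaGate(up, OutagePolicy.FAIL_CLOSED, 500).check("wrong"));
        System.out.println(new CaptchaGate(down, OutagePolicy.FAIL_OPEN, 500).check("x"));
        System.out.println(new CaptchaGate(hung, OutagePolicy.FAIL_CLOSED, 500).check("x"));
    }
}
```

Failing closed suits sensitive actions such as account registration or password reset, while failing open trades bot protection for availability and is best paired with another control, such as rate limiting, for the duration of the outage.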