Offline captcha without any file system or database storage
Latest commit: acetone b94873df79 "atomic<size_t> init fixed" 2022-08-14 11:09:44 +03:00

Repository files:
  • examples (beautify interface, 2022-08-13 01:35:46 +03:00)
  • pics (simplest and fastest, 2022-08-11 00:51:03 +03:00)
  • LICENSE (Initial commit, 2022-04-23 15:57:43 -04:00)
  • README.md (typo, 2022-08-13 21:13:52 +03:00)
  • zerostoragecaptcha.cpp (atomic<size_t> init fixed, 2022-08-14 11:09:44 +03:00)
  • zerostoragecaptcha.h (optimaze, 2022-08-13 23:46:31 +03:00)

README.md

Zero Storage Captcha C++ library

Offline captcha without any file system or database storage.

Dependency: Qt5.

Inspiration

Captcha is required in many public projects to protect against spammers and similar automated unwanted activity.

As practice shows, developers are accustomed to using external services even to serve fonts (!). Obviously, implementing bot protection is more complicated than storing fonts or style sheets locally, which is why most developers turn to suck-to-free corporations.

The goal of Zero Storage Captcha is to make it easy to use a locally generated captcha picture without having to store the answer. This technology allows any project to have a high-quality and ethical captcha without spending VPS disk space (CPU only).

How it works

When a captcha is generated, the user receives a picture and a token. The token is a string key used to verify the correctness of the answer. It is built as:

BASE64( MD5_HASH( CAPTCHA_ANSWER + TIME_TOKEN + CAPTCHA_ID + SESSION_KEY ) ) + "_" + CAPTCHA_ID

  • TIME_TOKEN - temporary marker that limits the captcha life cycle;
  • CAPTCHA_ID - size_t identifier of the concrete captcha;
  • SESSION_KEY - random run-time session string that makes every hash value unique to this run.

A regular captcha token looks like this: QyhnRNJolLJxnJaSqzQVww_1.

Along with the picture, the user must be given the verification token, which they send back to the server together with their answer to the picture. This can be implemented either through JavaScript or when generating HTML pages with a templating engine.

The system also remembers the previous time token, so that a captcha generated a few seconds before the time token changed is still accepted.

Due to this architecture, the lifetime of each captcha ranges from 1.5 to 3 minutes, after which verification of the token always fails.

To make it impossible to use one captcha twice, the id of a successfully verified captcha is placed in a special cache, where it is kept for the remaining several minutes of that captcha token's life cycle. The token is considered used after the first validation check. Storing a captcha id is very cheap: an id weighs 8 bytes (on a 64-bit system), so holding a million solved captchas at one time needs less than 8 MB of RAM.

To guarantee the uniqueness of captcha tokens, a SESSION_KEY (random string) is created when the first captcha is generated; it takes part in computing the control hash that forms the token. MD5 was chosen for the hash because it is a fast algorithm that is sufficiently reliable in the context of Zero Storage Captcha.
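To make the scheme concrete, here is an added Python model of the token construction, the two accepted time tokens and the used-id cache described above; it is not the library's own C++/Qt code, and the 90-second TIME_TOKEN step and the cache lifetime are assumptions chosen to match the stated 1.5 to 3 minute captcha lifetime.

```python
import base64
import hashlib
import secrets
import time

# Constructed model of the token scheme (not the library's code). TIME_TOKEN changes
# every TIME_STEP seconds and the previous value is still accepted, so a captcha
# lives between one and two steps: 1.5 to 3 minutes for an assumed 90-second step.
TIME_STEP = 90


class ZeroStorageCaptcha:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.session_key = secrets.token_hex(16)  # random per-run SESSION_KEY
        self.next_id = 1                           # CAPTCHA_ID counter (size_t in the lib)
        self.used_ids = {}                         # replay cache: id -> expiry time

    def _time_token(self, steps_back=0):
        return str(int(self.clock()) // TIME_STEP - steps_back)

    def _hash(self, answer, time_token, captcha_id):
        material = (answer + time_token + str(captcha_id) + self.session_key).encode()
        # MD5 digest, base64 without padding: 22 characters, as in the README's sample token
        return base64.b64encode(hashlib.md5(material).digest()).rstrip(b"=").decode()

    def generate(self, answer):
        """Return the token handed to the client together with the picture."""
        captcha_id = self.next_id
        self.next_id += 1
        return f"{self._hash(answer, self._time_token(), captcha_id)}_{captcha_id}"

    def validate(self, answer, token):
        """True exactly once for a correct answer given within the token lifetime."""
        now = self.clock()
        self.used_ids = {i: t for i, t in self.used_ids.items() if t > now}  # purge old ids
        try:
            mac, id_str = token.rsplit("_", 1)
            captcha_id = int(id_str)
        except ValueError:
            return False
        if captcha_id in self.used_ids:  # first successful check consumed this captcha
            return False
        for steps_back in (0, 1):  # current TIME_TOKEN, then the remembered previous one
            expected = self._hash(answer, self._time_token(steps_back), captcha_id)
            if secrets.compare_digest(expected, mac):
                self.used_ids[captcha_id] = now + 2 * TIME_STEP
                return True
        return False
```

Nothing but the session key, the id counter and the cache of used ids lives in memory; the answer itself is never stored, which is the whole point of the design.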

Check the examples folder to see the C++ interface; if your project is not in C++, you can also run Zero Storage Captcha as a separate cross-platform local service.