Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ReCaptcha is useless #54

Closed
JakeRobinson456 opened this issue Oct 28, 2021 · 3 comments
Closed

ReCaptcha is useless #54

JakeRobinson456 opened this issue Oct 28, 2021 · 3 comments

Comments

@JakeRobinson456
Copy link

That ReCaptcha is useless because it is only being checked on the client side.

Anybody can bypass the captcha with just a little skill in programming.

Or am I missing something?
@kevinfaveri
Copy link
Owner

it is not. Please read the README.md instructions, but TLDR is https://github.com/kevinfaveri/solana-candy-factory/blob/main/src/pages/api/validate-captcha.ts validates the captcha server side. This is a partial anti bot solution, because the best thing would be to have something on chain for this purpose.

@JakeRobinson456
Copy link
Author

I think you misunderstood me. You call the ReCaptcha api to verify the captcha on the client side. It is useless this way.

If you don't check the captcha on chain than it is literally useless. An attacker could just call the candy machine program without solving a captcha.

@kevinfaveri
Copy link
Owner

No, I think you misunderstood me. ReCaptcha here is to prevent crawler bots, not on-chain bots. The ReCaptcha IS working as it should. What you propose is another feature. As I said, a on chain solution. This might be one #47 but still too early

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kevinfaveri @JakeRobinson456