Security should always be an issue when it comes to computer applications.
Web applications and websites are even more exposed, so likely every weak spot will be exploited someday.
For years, web forms have been used by robots, spreading spam on most websites.
Captcha appeared in order to verify if the user accessing the form is human or not. It does that by showing an image with a text. The image cannot be converted into text by any OCR mechanism, but the human user is still able to read.
So how can we use recaptcha (www.recaptcha.net) with rails?
First we need rmagick installed:
sudo gem install rmagick
then we need to install the recaptcha rails plugin from github:
rails plugin install git://github.com/ambethia/recaptcha.git
add them to your gemfile:
gem 'rmagick' gem 'recaptcha'
When you register at recaptcha.net, you get a private and a public key. Use them on you environment.rb file:
ENV['RECAPTCHA_PUBLIC_KEY'] = 'your_public_key' ENV['RECAPTCHA_PRIVATE_KEY'] = 'your_private_key'
That’s it. You’re ready to put some captcha on your form.
To do that just add the following code to your form:
<%= recaptcha_tags %>
You’ll end up with something like this:
Now, when processing the form data, all you have to do is to check if the data entered is ok, by testing the verify_recaptcha method output.
if verify_recaptcha() #do whatever it's suppose to do else #alert the user / deny access end
Well, that’s it. Hope it is as useful to you as it was to me.