3.7. CAPTCHA

The other commonly used mechanism for preventing spambots from taking over your system is those blurry, transmogrified letters and numbers. The generic name for those things is CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart (which is not only one of the most tortured acronyms you'll ever see, but is, according to Wikipedia, a registered trademark of Carnegie Mellon University).

Now, I am of two minds about the familiar CAPTCHA images. On the one hand, it's true that a good implementation is difficult, if not impossible, for bots to crack. On the other hand, CAPTCHA images are not at all accessible to visually impaired users, which under certain circumstances might have legal consequences for your site. Even for users with normal sight, these images can still be awkward and are somewhat mistake-prone. In addition, users hate them.

What I'm going to do is present a simple CAPTCHA system that presents a text-based addition problem for the user to solve, such as "What is three plus the number of days in a week plus the number of fingers on a hand?" I'll leave it up to you to decide whether that is more or less irritating to a user than a fuzzy image. I'm pretty sure, though, that it will be more usable for a visually impaired user. It will use the existing token mechanism to store and validate user input. It's not a full-protection CAPTCHA — in fact, according to the somewhat sneering tone of the Wikipedia article, ...
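A minimal sketch of the text-based addition challenge described above, as an added example that is not the book's code. The `TextCaptcha` class, its term list, and the in-memory Hash standing in for the book's token mechanism are all assumptions made for illustration.

```ruby
require "securerandom"

# Added example: text-based addition CAPTCHA. The in-memory Hash is a
# hypothetical stand-in for the book's token mechanism, which is not shown here.
class TextCaptcha
  # Constructed sample terms: phrase => value.
  TERMS = {
    "three" => 3,
    "the number of days in a week" => 7,
    "the number of fingers on a hand" => 5,
    "the number of wheels on a bicycle" => 2,
    "a dozen" => 12
  }.freeze
  TTL = 300 # seconds a challenge stays valid

  def initialize(clock: -> { Time.now.to_i })
    @store = {} # token => { answer:, expires: }
    @clock = clock
  end

  # Build a challenge from the given phrases (three random ones by default).
  # Returns [token, question]; the expected answer never leaves the server.
  def issue(phrases = TERMS.keys.sample(3))
    answer = phrases.sum { |p| TERMS.fetch(p) }
    token = SecureRandom.hex(16)
    @store[token] = { answer: answer, expires: @clock.call + TTL }
    [token, "What is #{phrases.join(' plus ')}?"]
  end

  # Check a submitted answer. The token is deleted on first use, so a solved
  # challenge cannot be replayed and a wrong guess cannot be retried.
  def verify(token, response)
    entry = @store.delete(token.to_s)
    return false if entry.nil? || @clock.call > entry[:expires]
    # Accept only plain digits after trimming whitespace; "15abc" is rejected.
    digits = response.to_s.strip
    return false unless digits.match?(/\A\d{1,4}\z/)
    digits.to_i == entry[:answer]
  end
end

if __FILE__ == $PROGRAM_NAME
  captcha = TextCaptcha.new
  token, question = captcha.issue
  puts question, "token: #{token}"
end
```

Only the token and the question go into the form; a small phrase list like this one is easy to enumerate, which fits the text's own point that this is not a full-protection CAPTCHA.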
