flex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen C <step...@stephenjc.com>
Subject Re: Is Captcha needed in Flex application?
Date Wed, 25 Sep 2013 11:34:10 GMT
Cross domain is not an issue, we run it from a server. It automates
Firefox.

If you need to protect from this I always ask my self. What benefit does
someone have to make a fake account. Most of my systems there is no point.
The only system I use a capcha is my ticket system.
On Sep 24, 2013 11:30 PM, "Alex Harui" <aharui@adobe.com> wrote:

>
>
> On 9/24/13 6:00 PM, "modjklist@comcast.net" <modjklist@comcast.net> wrote:
>
> >Thanks Stephen for your comments. If it is a valid concern, how do people
> >address it? Do people implement Captcha type components into their login
> >forms, or something else? Anything available for this or do I need to
> >create something myself?
> I am not an expert in this area, but in theory, Flash cannot be scripted
> from another domain unless you allow it or the customer allows it.
> Automated testing drives Flash because someone gives it permission or it
> lives on the same domain.
>
> The same-domain is important because if you host this app on YouTube,
> FaceBook or other places where other people host stuff, you do get exposed
> to cross-site scripting.
>
> I don't know how the spambots work.  If they sniff HTML to find form
> fields and fill them out, they won't be able to do that on Flash as easily
> if at all.
>
> -Alex
>
> >
> >
> >----- Original Message -----
> >From: "Stephen C" <stephen@stephenjc.com>
> >To: users@flex.apache.org
> >Sent: Tuesday, September 24, 2013 5:29:47 PM
> >Subject: Re: Is Captcha needed in Flex application?
> >
> >Kidna, there is a video of someone automating Gmail with it. But, there
> >are
> >plenty of mail libraries for scripting languages to automate the email.
> >On Sep 24, 2013 8:21 PM, <modjklist@comcast.net> wrote:
> >
> >> can it click on an auto-generated email link to complete the new user
> >> registration process, for example?
> >>
> >> ----- Original Message -----
> >> From: stephen@mymessage.us
> >> To: users@flex.apache.org
> >> Sent: Tuesday, September 24, 2013 4:56:28 PM
> >> Subject: Re: Is Captcha needed in Flex application?
> >>
> >> With sikuli you can automate flash, we use it for testing. I don't see
> >>why
> >> it cannot be used maliciously
> >>
> >>
> >>
> >>
> >> Sent from Windows Mail
> >>
> >>
> >>
> >> From: modjklist@comcast.net
> >> Sent: Tuesday, September 24, 2013 7:42 PM
> >> To: users@flex.apache.org
> >>
> >> Just curious on the conventional wisdom whether Captcha is required in
> >> Flex desktop web applications, or if something inherent in Flex/Flash
> >> plug-in means that bots in the web cannot auto-complete user login
> >>forms
> >> (e.g. username and password) or other forms. I haven't really seen too
> >>much
> >> for Captcha type components in Flex (is it unnecessary)?
> >>
> >>
> >> Currently my user login requests an email and password, and for new
> >> accounts, requires the user to click on a link to validate his or her
> >>email
> >> address before registering that user as a valid person. Is that
> >>sufficient?
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message