flex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com>
Subject Re: Is Captcha needed in Flex application?
Date Wed, 25 Sep 2013 03:30:22 GMT


On 9/24/13 6:00 PM, "modjklist@comcast.net" <modjklist@comcast.net> wrote:

>Thanks Stephen for your comments. If it is a valid concern, how do people
>address it? Do people implement Captcha type components into their login
>forms, or something else? Anything available for this or do I need to
>create something myself?
I am not an expert in this area, but in theory, Flash cannot be scripted
from another domain unless you allow it or the customer allows it.
Automated testing drives Flash because someone gives it permission or it
lives on the same domain.

The same-domain is important because if you host this app on YouTube,
FaceBook or other places where other people host stuff, you do get exposed
to cross-site scripting.

I don't know how the spambots work.  If they sniff HTML to find form
fields and fill them out, they won't be able to do that on Flash as easily
if at all.

-Alex

> 
>
>----- Original Message -----
>From: "Stephen C" <stephen@stephenjc.com>
>To: users@flex.apache.org
>Sent: Tuesday, September 24, 2013 5:29:47 PM
>Subject: Re: Is Captcha needed in Flex application?
>
>Kidna, there is a video of someone automating Gmail with it. But, there
>are 
>plenty of mail libraries for scripting languages to automate the email.
>On Sep 24, 2013 8:21 PM, <modjklist@comcast.net> wrote:
>
>> can it click on an auto-generated email link to complete the new user
>> registration process, for example?
>> 
>> ----- Original Message -----
>> From: stephen@mymessage.us
>> To: users@flex.apache.org
>> Sent: Tuesday, September 24, 2013 4:56:28 PM
>> Subject: Re: Is Captcha needed in Flex application?
>> 
>> With sikuli you can automate flash, we use it for testing. I don't see
>>why 
>> it cannot be used maliciously
>> 
>> 
>> 
>> 
>> Sent from Windows Mail
>> 
>> 
>> 
>> From: modjklist@comcast.net
>> Sent: Tuesday, September 24, 2013 7:42 PM
>> To: users@flex.apache.org
>> 
>> Just curious on the conventional wisdom whether Captcha is required in
>> Flex desktop web applications, or if something inherent in Flex/Flash
>> plug-in means that bots in the web cannot auto-complete user login
>>forms 
>> (e.g. username and password) or other forms. I haven't really seen too
>>much 
>> for Captcha type components in Flex (is it unnecessary)?
>> 
>> 
>> Currently my user login requests an email and password, and for new
>> accounts, requires the user to click on a link to validate his or her
>>email 
>> address before registering that user as a valid person. Is that
>>sufficient? 


Mime
View raw message