tags:

views:

3229

answers:

5
+1  Q: 

Recommendations for java captcha libraries

I'm looking for a replacement for JCaptcha, which doesn't seem to be maintained any more, and isn't very good to begin with. The replacement has to integrate nicely with JavaEE webapps.

As I can see it, there are three options:

  • JCaptcha - No longer maintained, crude API
  • SimpleCaptcha - much nicer API, nicer captchas, but seems to be Java6 only
  • ReCaptcha - easy to use, uses remote web-service to generate captchas, but not much control over look and feel

Has anyone used any others, that they'd recommend?

+2  A: 

ReCaptcha is the only captcha you should use, because it's the only captcha that makes the world better (improve OCR results to old text), with almost unlimited database.

All other captchas are usually limited by its database, or do nothing good to this world.

Francis  2009-05-01 07:22:08
OK, but benefit to humanity wasn't really on my list of priorities :) Also, JCaptcha and SimpleCaptcha generate randomised captchas, so database size is not an issue.
skaffman  2009-05-01 07:24:17
All randomized captchas are proved to be easily attacked in comparison to pre-generated databases, that's why almost all good captchas use databases.
Francis  2009-05-01 07:26:08
one more thing - many captchas with colorful / rotated backgrounds / lines / images, are too complex for majority user (ex, the famous Cat Number used by rapidshare).recaptcha, on the contrary, is based on real English words so it's eaiser for most people. You won't want to apply a captcha that 90% people will send you the mail saying that "I can't pass the cpatcha)...
Francis  2009-05-01 07:32:38
I question the statement that randomized capthas are more easily attacked than database backed captcha. On the subject of ReCaptcha, one benefit is that what it puts in front of the human is a word which a quality OCR implementation has already failed on.
Software Monkey  2009-05-02 07:22:54
@Francis: based on english words may be a benefit for english speaking people yes but there are others too. btw. maybe add this link to your answer: http://recaptcha.net/
Chris  2009-11-15 11:50:24
+2  A: 

What happens when ReCaptcha is down/unavailable? Does your service simply stop? Do you simply stop signing people up when it's down? Do you allow users to sign up even if ReCaptcha isn't running? If so, what are the security implications of this? Especially if you use CAPTCHA for more than just signup, e.g. reset password forms, login forms, ... which would not be acceptable to use without the CAPTCHA component.

The Java world of CAPTCHAs is in a sad state, with SimpleCaptcha seemingly the best solution for those of us out there that cannot accept a hosted service.

Mike  2009-08-03 09:54:54
You make a good point.
skaffman  2009-08-03 09:59:23
Come on, do you really think your service is more stable than ReCaptcha, especially when google accuired it? Even Facebook is using ReCaptcha, so don't worry unless you are running a bigger service than Facebook...I still don'think there's any captcha system better than ReCaptcha.
Francis  2009-11-18 03:19:56
Google has been down several times before (Not just Gmail, but search as well). If you have your own service, that is only used by you, then you can comfortably say that when your captcha is down, your whole system is down.I do wonder what Facebook would do in the event of an outage - would they have to bare it until fixed? Do they have a backup plan? Is an outage even that important to them? If you provide services more important than viewing who poked you, or you have a SLA requirement, then the solution is not as simple as 'just wait it out'.
Mike  2009-11-27 13:02:21
+2  A: 

I created http://kaptcha.googlecode.com before recaptcha became as popular as it is today. It also offers you the ability to host it yourself, which may be necessary in some situations.

Kaptcha is a heavily modified and updated version of SimpleCaptcha and supports JDK5/6.

Jon Stevens  2010-02-02 06:30:53
A: 

Hi Jon Stevens,

I am not sure why, I couldnt get Kaptcha to work on google app engine.

Regards, Xuwei

xuwei  2010-05-15 08:12:04
A: 

Kaptcha is a nice alternative to Recaptcha if you are looking to host your own captcha service instead of relying on a third party captcha service (like recaptcha).

Sasi  2010-07-06 21:42:31

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java