[Freeipa-devel] [RFC] Community Portal Captcha

Simo Sorce simo at redhat.com
Fri Jul 10 17:33:37 UTC 2015


On Fri, 2015-07-10 at 13:05 -0400, Drew Erny wrote:
> Hi, All,
> 
> I think some of you discussed the details of the community 
> portal captcha with me on IRC. Yesterday, I wrote up a design proposal 
> for the captcha system that I'd like some of you to take a look at and 
> check to see that I'm understanding it correctly, and that this captcha 
> method is secure.
> 
> http://www.freeipa.org/page/V4/Community_Portal_Captcha
> 

If you are going to use a DB for storing the HMAC signatures, then you
can also store there the key used to generate them IMO. You generate the
key from os.urandom(16) if it is not found (in which case you can also
remove all the HMACs present in the DB as none will validate anymore).

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
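
The key handling suggested in the reply above, as an added example that is not code from the thread or from FreeIPA. It assumes SQLite, hypothetical table names, HMAC-SHA256 over the captcha answer alone, and single-use stored signatures; none of these details come from the design page.

```python
import hashlib
import hmac
import os
import sqlite3

# Hypothetical schema: table and column names are assumptions for this example.
SCHEMA = """
CREATE TABLE IF NOT EXISTS captcha_key (id INTEGER PRIMARY KEY CHECK (id = 1), key BLOB NOT NULL);
CREATE TABLE IF NOT EXISTS captcha_hmac (sig TEXT PRIMARY KEY);
"""


def load_or_create_key(db):
    """Return the HMAC key from the DB, generating it if it is not found."""
    db.executescript(SCHEMA)
    row = db.execute("SELECT key FROM captcha_key WHERE id = 1").fetchone()
    if row is not None:
        return bytes(row[0])
    key = os.urandom(16)
    with db:  # one transaction: new key in, stale signatures out
        db.execute("INSERT INTO captcha_key (id, key) VALUES (1, ?)", (key,))
        # Signatures made with the lost key can never validate again.
        db.execute("DELETE FROM captcha_hmac")
    return key


def issue(db, key, answer):
    """Sign a captcha answer and record the signature as outstanding."""
    sig = hmac.new(key, answer.encode(), hashlib.sha256).hexdigest()
    with db:
        db.execute("INSERT OR IGNORE INTO captcha_hmac (sig) VALUES (?)", (sig,))
    return sig


def verify(db, key, answer, sig):
    """Accept a correct answer only while its signature is still stored."""
    expected = hmac.new(key, answer.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False
    with db:  # delete on success so a solved captcha cannot be replayed
        cur = db.execute("DELETE FROM captcha_hmac WHERE sig = ?", (sig,))
    return cur.rowcount == 1
```
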



