Sign up to save your podcasts
Or
Share Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the Sad State of Contact Forms
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the Sad State of Contact Forms
In this Hasty Treat, Scott and Wes talk about forms, captchas, dealing with malicious users, and more!
LogRocket - SponsorLogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.
Show Notes02:00 - So you made a form:
- Contact form
- Sales form
- Email signup for newsletter
- Bug report
- Sign up for an account
- Password reset
03:00 - Now someone is going to:
- Have a bot that submits it
- Maliciously write a bot that submits thousands
04:14 - So what can you do?
4:54 - Honey pot
- This is a field that is either hidden or you tell the user not to fill in
- Can goof up autofill
- Works in many cases
07:37 - IP Throttle
- Only allow each IP to do an action a certain number or times inside a window
- You may only try signing up once per 10 mins
09:48 Block known ASN
12:37 - Captcha
- Soft captcha: “What is 1 plus 1?”
- Annoying captcha: Type these letters
- Google captcha: Train our self driving cars
- Hidden captcha
- Cloudflare hCaptcha
- Cloudflare
- Digital Ocean
- Google reCaptcha
- Cloudflare hCaptcha
- Cloudinary
- Scott’s Instagram
- LevelUpTutorials Instagram
- Wes’ Instagram
- Wes’ Twitter
- Wes’ Facebook
- Scott’s Twitter
- Make sure to include @SyntaxFM in your tweets
View all episodes
By Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
4.9
966966 ratings
In this Hasty Treat, Scott and Wes talk about forms, captchas, dealing with malicious users, and more!
LogRocket - SponsorLogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.
Show Notes02:00 - So you made a form:
- Contact form
- Sales form
- Email signup for newsletter
- Bug report
- Sign up for an account
- Password reset
03:00 - Now someone is going to:
- Have a bot that submits it
- Maliciously write a bot that submits thousands
04:14 - So what can you do?
4:54 - Honey pot
- This is a field that is either hidden or you tell the user not to fill in
- Can goof up autofill
- Works in many cases
07:37 - IP Throttle
- Only allow each IP to do an action a certain number or times inside a window
- You may only try signing up once per 10 mins
09:48 Block known ASN
12:37 - Captcha
- Soft captcha: “What is 1 plus 1?”
- Annoying captcha: Type these letters
- Google captcha: Train our self driving cars
- Hidden captcha
- Cloudflare hCaptcha
- Cloudflare
- Digital Ocean
- Google reCaptcha
- Cloudflare hCaptcha
- Cloudinary
- Scott’s Instagram
- LevelUpTutorials Instagram
- Wes’ Instagram
- Wes’ Twitter
- Wes’ Facebook
- Scott’s Twitter
- Make sure to include @SyntaxFM in your tweets
More shows like Syntax - Tasty Web Development Treats
View all
Hanselminutes with Scott Hanselman
377 Listeners
Software Engineering Radio - the podcast for professional software developers
265 Listeners
.NET Rocks!
245 Listeners
The Changelog: Software Development, Open Source
285 Listeners
Thoughtworks Technology Podcast
41 Listeners
Talk Python To Me
586 Listeners
Software Engineering Daily
629 Listeners
Soft Skills Engineering
275 Listeners
Python Bytes
213 Listeners
The freeCodeCamp Podcast
485 Listeners
CoRecursive: Coding Stories
186 Listeners
The Stack Overflow Podcast
63 Listeners
The Real Python Podcast
136 Listeners
PodRocket - A web development podcast from LogRocket
58 Listeners
The Pragmatic Engineer
52 Listeners