stackoom
  简体   繁体   中英

google ReCaptcha v2: What constitutes a server-side integration?

 原文  2017-03-29 18:16:07       javascript/ security/ client-side/ server-side/ recaptcha

Question

I want to implement google's recaptcha v2 on a sign up form for my app. I have read in a lot of places that "client-side" verification isn't enough, and that you should implement it on the server side as well because of bots possibly being able to force false positive responses, etc.

Now in google's recaptcha documentation it says you need to perform a POST Request for "server-side verification" (and to be the most secure in terms of verifying the captcha response value). If I make this POST Request in client-side javascript to google's servers, does that suffice as secure? Or does my post request NEED to happen on server-side code such as express?

1 answers

solution1
 0  2017-05-24 13:57:53

The POST request needs your secret / private key as a parameter. You should not publish your secret / private key. Which you would when you send the POST via JavaScript.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question reCAPTCHA V2 Failing On Server Side Validation Cannot Integrate reCAPTCHA v2 (server side) in ASP.NET Google Recaptcha v2 and preventdefault ReCaptcha v2 client side events Google reCAPTCHA v2 ignores CSS alignment Google reCAPTCHA v2 not displaying on page Enable button on callback if recaptcha successful (Google recaptcha v2) Automatically send a form when google recaptcha V2 is completed How Can I Check if Google Recaptcha V2 Puzzle is Displayed? Remove manual challenge from google reCaptcha v2
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM