Details
-
Type:
New Feature
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 4.6.0
-
Fix Version/s: 5.1.0-b1
-
Component/s: Client Interface, Staff Interface
-
Labels:None
Description
Add an option to enable a CAPTCHA on client and admin login pages, potentially independently. This should be a setting someplace, not enabled by default. Can use reCAPTCHA, may need to have reCAPTCHA settings as a company setting, and this would be a company setting also.
If the CAPTCHA is not entered correctly, don't do a database lookup at all to verify if the user/pass is legitimate. The CAPTCHA in large part is intended to block automated brute force attacks, that can result in loss of service / overloaded MySQL.
Requires more discussion.
Activity
If the idea is to prevent automated submissions, adding it to the "Reset My Password" and "Forgot My Username" sections seems like a good idea. Without it, a bot could easily make lots of requests for those actions.. so, yeah let's do it.
Paul Phillips
added a comment - If the idea is to prevent automated submissions, adding it to the "Reset My Password" and "Forgot My Username" sections seems like a good idea. Without it, a bot could easily make lots of requests for those actions.. so, yeah let's do it. 
The captcha should added to "Reset My Password" and "Forgot My Username" as well?