[Seaside] reCAPTCHA for Seaside (2.9)
laza at blobworks.com
Sat Jan 10 10:11:14 UTC 2009
Philippe Marschall schrieb:
> 2009/1/5, Alexander Lazarević <laza at blobworks.com>:
> The HTTP part of the verification code looks a bit hairy but I
> understand the desire to avoid the abomination that is HTTPSocket.
I tried to use httpPostDocument: url args: at.al. but I got no response using them. There should be a large fat warning
> The thing is that while the iframe uses HTTPS the verification doesn't.
Ah, yes. Hm, the first is the client connection while the second is the server connection. An attacker could sniff the
private key on the server connection, so I guess you are right about protecting this connection also via HTTPS.
> You might want to give the Curl Plugin  a try.
I will have a look. My aim was though to keep dependencies at a minimum.
> Besides that: cool, people writing libraries for Seaside is a good thing (tm)
I guess the more building blocks, the better for seaside. :)
More information about the seaside