katherine

Reputation: 281

Django forms - how necessary is a CAPTCHA?

I have a general question about Django forms (specifically, a contact form) when it comes to security precautions. Should I use a CAPTCHA? Do forms written with Python not suffer the same problems as PHP ones?

Upvotes: 0

Views: 359

Answers (2)

Chuck

Reputation: 1089

I ran a Django site for several years. Our feedback form got a couple of submissions per week from bots. The captcha stopped that. I suspect that the rate of bot submissions is highly variable and depends on the content of your site.

Whether or not to use a captcha comes down to a trade-off between convenience for your users vs your tolerance for junk submissions.

Upvotes: 0

Leopd

Reputation: 42777

Django forms have built-in protection against CSRF (a.k.a. XSRF), which is a kind of attack that allows a hacker to post stuff to your site without the logged-in user meaning to. PHP doesn't.

Captchas will protect against CSRF, but they're more normally used to protect against robots filling out your form without a human involved.

So it depends what you're trying to protect against. If you want to reduce spam or similar mischief, use a Captcha as you would in PHP. If all you're worried about is CSRF, then don't bother.

Upvotes: 3
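
The distinction drawn in the answer above, as an added example that is not part of the original answers and is not Django's own code: a simplified double-submit token check in plain Python, showing which submissions a CSRF check rejects and which only a CAPTCHA rejects. The function names and the sample CAPTCHA answer are assumptions made for illustration.

```python
import hmac
import secrets


def issue_csrf_token():
    """Server side: value set as a cookie and embedded in the rendered form."""
    return secrets.token_urlsafe(32)


def _same(a, b):
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def csrf_ok(cookie_token, form_token):
    """Accept the POST only if the hidden form field matches the cookie."""
    return bool(cookie_token) and bool(form_token) and _same(cookie_token, form_token)


def captcha_ok(expected, submitted):
    """Stand-in for a CAPTCHA service: the challenge answer must be supplied."""
    return bool(submitted) and _same(expected.lower(), submitted.strip().lower())


def handle_contact_post(cookie_token, form_token, captcha_expected=None, captcha_answer=None):
    """Outcome of a contact-form POST; captcha_expected=None means no CAPTCHA."""
    if not csrf_ok(cookie_token, form_token):
        return "403 csrf"
    if captcha_expected is not None and not captcha_ok(captcha_expected, captcha_answer):
        return "400 captcha"
    return "200 accepted"


def scenarios():
    token = issue_csrf_token()
    challenge = "x7k2p"  # constructed sample CAPTCHA answer
    return {
        # Forged cross-site POST: the browser attaches the cookie, but the
        # other site cannot read it, so the hidden field is missing.
        "cross_site_forgery": handle_contact_post(token, None),
        # Automated client that loaded the form first: the token matches, so
        # the CSRF check alone does not filter it.
        "automated_no_captcha": handle_contact_post(token, token),
        # Same client against a form with a CAPTCHA it did not solve.
        "automated_with_captcha": handle_contact_post(token, token, challenge, None),
        # Human who read and typed the challenge.
        "human_with_captcha": handle_contact_post(token, token, challenge, "X7K2P"),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:24} -> {outcome}")
```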
