Hi everyone 👋,
I'm implementing CAPTCHA validation in a Reactive Web App and want to ensure it's secure and aligned with best practices. Currently, I'm generating the CAPTCHA image using JavaScript, but I’d like to shift this generation to the server side for better control and security. What’s the recommended way to achieve server-side CAPTCHA image generation in OutSystems?
As an alternative approach, I'm considering using a database table to store CAPTCHA values along with a GUID for validation. Is this a good practice in OutSystems, or are there more efficient and secure ways to handle CAPTCHA validation without persisting data? I’d appreciate any suggestions or examples.
Thanks!
Hello Mohammad,
Hope you're doing well.
There are several Forge assets for CAPTCHA validation where the CAPTCHA is generated server-side.
For example:
https://www.outsystems.com/forge/component-overview/10621/captcha-o11
https://www.outsystems.com/forge/component-overview/8952/google-recaptcha-react-o11
I have already used both of them and they work just fine. The first one offers a very simple approach; the second one is the recommended one.
About your last question, I don't really see any value in storing the CAPTCHA alongside a GUID in the database. This approach adds unnecessary database writes and you'll need to implement a cleanup for expired records. So why don't you simply keep it in memory (in a Session or Local variable)?
Kind regards,
Rui Barradas
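An added example, not part of the thread and not OutSystems or Forge code: one way to validate a server-generated CAPTCHA without a database table is to give the client an HMAC-signed, expiring token instead of the answer. Python is used for illustration; `SERVER_KEY`, `TTL_SECONDS`, the function names and the in-memory `spent_nonces` set are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-only secret, never sent to the client
TTL_SECONDS = 120                     # assumption: how long a challenge stays valid


def _tag(label, nonce, expires, value=""):
    # Keyed MAC over the challenge fields; the label separates the two tag uses.
    msg = "|".join([label, nonce, str(expires), value]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(answer, now=None):
    """Build the token sent with the CAPTCHA image; it does not reveal the answer."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    expires = int(now) + TTL_SECONDS
    header_tag = _tag("hdr", nonce, expires)
    answer_tag = _tag("ans", nonce, expires, answer.strip().lower())
    return ".".join([nonce, str(expires), header_tag, answer_tag])


def verify_challenge(token, user_input, spent_nonces, now=None):
    """True only for an authentic, unexpired, unused token with a matching answer."""
    now = time.time() if now is None else now
    try:
        nonce, expires_s, header_tag, answer_tag = token.split(".")
        expires = int(expires_s)
    except ValueError:
        return False
    # Reject forged or altered tokens before touching any state.
    if not hmac.compare_digest(header_tag.encode(), _tag("hdr", nonce, expires).encode()):
        return False
    if now > expires or nonce in spent_nonces:
        return False
    spent_nonces.add(nonce)  # one guess per challenge, right or wrong
    expected = _tag("ans", nonce, expires, user_input.strip().lower())
    return hmac.compare_digest(answer_tag.encode(), expected.encode())
```

Spent nonces only need to be remembered until the token's expiry time; without that record, a token that was solved once could be resubmitted until it expires.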
Hi @Mohammad Iqbal Yusuf Sheikh ,
As per Rui's comments, you can use the Forge component below. It is supported by the OS team; any support will be given by the OS team. This also follows best practices. Hope it helps.
Google Captcha by OS team
Thank You
@Irfan Ahamed Abdul Shukoor :
The component is not OutSystems Supported, but rather Trusted.
Hi Rui,
I am doing well.
As suggested, I went through the 1st Forge component and it is working fine, but the image generated by the CAPTCHA is not properly readable.
Is there any way we can modify this CAPTCHA image to a simple, human-readable image?
Currently it generates an image like the screenshot below:
but I want it like this
For the 2nd Google reCAPTCHA Forge component for CAPTCHA validation.
Before implementing, I want to confirm:
Thank you for the quick response.
Regards,
Mohammad Iqbal
@Mohammad Iqbal Yusuf Sheikh : Please have a look at the Review section of the first forge component if you are following the demo for its implementation, as it mentions a potential security issue.
As suggested by @Rui Barradas, using a professional CAPTCHA solution such as Google reCAPTCHA is a good approach. However, please ensure your Privacy Policy covers this before implementation, since Google reCAPTCHA processes user data through Google’s global infrastructure and may require user consent under GDPR.
An alternative is Cloudflare Turnstile, which provides similar protection and has a corresponding component available on the Forge. Turnstile is designed with privacy in mind and doesn’t rely on tracking or advertising cookies, making it generally easier to align with GDPR requirements.
@Mohammad Iqbal Yusuf Sheikh : Regarding your questions on
Please have a look at https://cloud.google.com/recaptcha/docs/compare-tiers
Hi Iqbal,
Below is the reply from Google reCAPTCHA:
Thank you @Siya for the detailed overview, I'll ensure our Privacy Policy covers this before implementation.