This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
We are going to introduce Captcha to are web site, an trying to decide which is the best Captcha API to use.
I looked at reCaptcha A remote web-service based solution. But we don't control it, its hosted elsewhere, problems with it going down, and also they use dictionary words, and OCR's task is much simplified - even if it fails to recognize a letter or two it just looks up the most resembling word from a dictionary.
I looked at SimpleCaptcha simple to use, but according to the forums no longer supported and maintained, looks like its been replaced by Kaptcha.
kaptcha is a modern version of the simplecaptcha project The captchas from it appeared really hard to recognize by OCR, and were human readable too.
JCaptcha the most popular bit does not mean its the best. Its well documented for that reason I would consider using it, but there has been mention that its no longer supported. Provides liberies allowing you to build your own custom Captchas. But have read that its slower in generating an building the check image.
So am torn between using kaptcha and JCaptcha, they both look easy to implement. But seem to generate similar images easy to read by humans not by OCR's . Seem to be framework friendly both can be injected via spring.
The web site in question uses Spring MVC.
If anyone has any views on which they think is better I would welcome any input.
Captcha's don't do anything close to authenticate the user. What they claim to do is tell if the person registering is a 'bot.
They do that poorly. What they do do well is aggravate your legitimate users. I have a very hard time reading many captchas. Yet the current state of the art image readers have no problems.
Another easy way to break them is to setup a porn or other popular site, and make people solve the captcha to get to see the next video.
Figure out what your real problem is, and engineer to that.
If you dont need control, just go with reCaptcha (http://www.google.com/recaptcha/captcha). Easy to integrate, etc. HOWEVER, I had a recent experience where one customer out of millions saw a naughty word, complained, it got to a senior VP and we suddently had a project on our hands to change over to JCaptcha. Meant implementing an API and some complexity around the audio representation of the captcha. The problem? You have no control or filter over what Google is displaying through reCaptcha. In the end, it is about how much control you want.