6.0.0-alpha12
6/8/25

[#6014] Adding CAPTCHA to login page
Summary Adding CAPTCHA to login page
Queue Horde Groupware Webmail Edition
Queue Version 1.0.3
Type Enhancement
State Rejected
Priority 1. Low
Owners
Requester simon (at) dedisoft (dot) com
Created 12/16/2007 (6384 days ago)
Due
Updated 04/18/2008 (6260 days ago)
Assigned
Resolved 12/16/2007 (6384 days ago)
Milestone
Patch No

History
04/18/2008 09:27:02 PM Michael Slusarz Comment #9 Reply to this comment
If you are concerned about brute force attacks, have your 
authentication backend have long delays on bad authentication 
requests.  Or require passwords above a certain length.  Combining 
captcha's with password is unneeded replication.
12/17/2007 03:11:47 AM Chuck Hagenbuch Comment #8 Reply to this comment
Example: testing login on Horde by sending different login/password.
Of course, the server will reject all bad accounts but this will
cause using some resource and can cause an attack like DoS attack
(server using too much time processor and other resources to treat
requests).
I agree with Jan, and further, adding a captcha to the equation just 
adds a _different_ resource to try to DoS.
12/16/2007 11:11:15 PM Jan Schneider Comment #7 Reply to this comment
This is something that should be implemented in the authentication 
backend, not in the frontend.
12/16/2007 05:22:39 PM simon (at) dedisoft (dot) com Comment #6 Reply to this comment
Your initial request was misleading in this regard, but I still don't
see how this would help you to protect against robots. And against
robots doing what exactly?
Example: testing login on Horde by sending different login/password. 
Of course, the server will reject all bad accounts but this will cause 
using some resource and can cause an attack like DoS attack (server 
using too much time processor and other resources to treat requests).
12/16/2007 05:12:57 PM Jan Schneider Comment #5 Reply to this comment
When I say "after the login and password", I don't say that a CAPTCHA
must be run after a successfull login. I just say that the field must
be placed after the login and password field, but on the same page !
Your initial request was misleading in this regard, but I still don't 
see how this would help you to protect against robots. And against 
robots doing what exactly?
12/16/2007 04:59:21 PM simon (at) dedisoft (dot) com Comment #4 Reply to this comment
No, and it doesn't make much sense. If you don't even trust your
authentication backend, why would you trust a CAPTCHA?
When I say "after the login and password", I don't say that a CAPTCHA 
must be run after a successfull login. I just say that the field must 
be placed after the login and password field, but on the same page !
12/16/2007 04:57:28 PM simon (at) dedisoft (dot) com Comment #3 Reply to this comment
No, and it doesn't make much sense. If you don't even trust your
authentication backend, why would you trust a CAPTCHA?
The question isn't trusting or not the backend.



Many robots can search to log on Horde. A CAPTCHA solution blocks 
robot's query.
12/16/2007 02:05:10 PM Jan Schneider Comment #2
State ⇒ Rejected		 Reply to this comment
No, and it doesn't make much sense. If you don't even trust your 
authentication backend, why would you trust a CAPTCHA?
12/16/2007 01:29:08 PM simon (at) dedisoft (dot) com Comment #1
Priority ⇒ 1. Low
State ⇒ New
Queue ⇒ Horde Groupware Webmail Edition
Summary ⇒ Adding CAPTCHA to login page
Type ⇒ Enhancement		 Reply to this comment
Hello,



Is there any way to add a CAPTCHA control on the login screen (after 
login and password) ?



Thanks
New Ticket
My Tickets
Search
Query Builder
Reports

Saved Queries

Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers