Thu, 09 Apr 2026 19:39:44 +0000 https://bugs.horde.org/ticket/6014 Adding CAPTCHA to login page Hello, Is there any way to add a CAPTCHA control on the login screen (after login and password) ? Thanks Sun, 16 Dec 2007 13:29:08 +0000 https://bugs.horde.org/ticket/6014#t39965 No, and it doesn't make much sense. If you don't even trust your authentication backend, why would you trust a CAPTCHA? Sun, 16 Dec 2007 14:05:10 +0000 https://bugs.horde.org/ticket/6014#t39968 > No, and it doesn't make much sense. If you don't even trust your > authentication backend, why would you trust a CAPTCHA? The question isn't trusting or not the backend. Many robots can search to log on Horde. A CAPTCHA solution blocks robot's query. Sun, 16 Dec 2007 16:57:28 +0000 https://bugs.horde.org/ticket/6014#t39969 > No, and it doesn't make much sense. If you don't even trust your > authentication backend, why would you trust a CAPTCHA? When I say "after the login and password", I don't say that a CAPTCHA must be run after a successfull login. I just say that the field must be placed after the login and password field, but on the same page ! Sun, 16 Dec 2007 16:59:21 +0000 https://bugs.horde.org/ticket/6014#t39970 > When I say "after the login and password", I don't say that a CAPTCHA > must be run after a successfull login. I just say that the field must > be placed after the login and password field, but on the same page ! Your initial request was misleading in this regard, but I still don't see how this would help you to protect against robots. And against robots doing what exactly? Sun, 16 Dec 2007 17:12:57 +0000 https://bugs.horde.org/ticket/6014#t39973 > Your initial request was misleading in this regard, but I still don't > see how this would help you to protect against robots. And against > robots doing what exactly? Example: testing login on Horde by sending different login/password. Of course, the server will reject all bad accounts but this will cause using some resource and can cause an attack like DoS attack (server using too much time processor and other resources to treat requests). Sun, 16 Dec 2007 17:22:39 +0000 https://bugs.horde.org/ticket/6014#t39974 This is something that should be implemented in the authentication backend, not in the frontend. Sun, 16 Dec 2007 23:11:15 +0000 https://bugs.horde.org/ticket/6014#t39977 > Example: testing login on Horde by sending different login/password. > Of course, the server will reject all bad accounts but this will > cause using some resource and can cause an attack like DoS attack > (server using too much time processor and other resources to treat > requests). I agree with Jan, and further, adding a captcha to the equation just adds a _different_ resource to try to DoS. Mon, 17 Dec 2007 03:11:47 +0000 https://bugs.horde.org/ticket/6014#t39983 If you are concerned about brute force attacks, have your authentication backend have long delays on bad authentication requests. Or require passwords above a certain length. Combining captcha's with password is unneeded replication. Fri, 18 Apr 2008 21:27:02 +0000 https://bugs.horde.org/ticket/6014#t44731