I know Allura has an anti-spam middleware in place that renames form fields automagically to non-human readable, but I have a couple of questions regarding how it works.
Firstly, I'm adding a new form and eschewing EasyWidgets for various reasons. I noticed that the form fields were not getting renamed, so I'm wondering if there's something I need to do to avail my form of the anti-spam magic, or if it's something that's tied to EW? Secondly, I noticed that the field ID values aren't changed, which makes sense as it would make writing javascript difficult, but I wonder how much renaming the field names but not the IDs actually is. I guess point is to block bots that just replay the form submission, but is it really that much of an obstacle to request the form and extract the field names by ID first? Is this a case of "any hurdle we can throw up helps, no matter how small?" Is it perhaps a hold-over of earlier attempts at spam prevention and is maybe less relevant now? Actually, I noticed that changing the field name to the original, un-magicked, field name via the debugger and then submitting the form actually works fine. Since Allura is open-source, the original field names are easy to discover and it seems that the field renaming is entirely moot. Should I just not worry about ensuring that the field renaming magic works on my new form?
