Hello all, One of the services we use is recaptcha... and without it, potentially no new user can sign up among other parts of the site. (Last night we couldn't reach the recaptcha service or 50% of the net for that matter as a pipe was down!)
So if the recaptcha service (or any other service that you depend on etc) goes down, then we effectively go down... So my question is - how do you mitigate against this? The obvious solution that comes to mind is to: Have a fallback local captcha service that is not as good as recaptcha, but will suffice for when we detect the recaptcha service is not available, and only validate against the local captcha service when we are REALLY sure the recaptcha service is down. (The validation would strictly be conditional to stop attackers just always attacking our local captcha instead of recaptcha which in theory is easier to overcome then recaptcha) The question is... how does one go about this in rails? Has anyone tried? Is there a plugin that someone has already made to wrap remote services, and on error use an alternate service (be it local or somewhere else) ? Some technical questions that comes to mind... a) How do you on the client side decide that your recaptcha script should time out (ok some some crazy jquery + ajax might solve this - but does that mean only with javascript you could do this switching of services?) b) On the controller and model side, how can we be sure that the client (and us) can't reach recaptcha (without taking such a long timeout response that would render page loading unbearable for the user) so that we only decide to relax our validation and only validate to the lesser quality service if and only if recaptcha service is down, otherwise enforce that all validations must be through recaptcha. Or have I gone about solving this problem all wrong? What would you all do? Thanks! -Chris -- You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group. To post to this group, send email to rails-ocea...@googlegroups.com. To unsubscribe from this group, send email to rails-oceania+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rails-oceania?hl=en.
