<div dir="ltr">No its like, we have  a brute force identification method in adv_password.php,<div>So we can do two things, recommend the developers to call recaptcha functions when brute-force exception is thrown by phpsec</div>

<div>or</div><div>trigger recaptcha function (by default) when brute force is observed.</div><div><br></div><div>I like the 2nd one, it would ease developers' task!</div></div><div class="gmail_extra"><br clear="all">

<div><div dir="ltr"><div><font color="#666666" face="courier new, monospace">Kind Regards,</font></div><font face="courier new, monospace" color="#444444">Minhaz,</font><div><font face="courier new, monospace" color="#444444"><a href="http://minhaz.cistoner.org" target="_blank">minhaz.cistoner.org</a></font></div>

</div></div>
<br><br><div class="gmail_quote">On Wed, Jul 9, 2014 at 3:52 PM, Abhishek Das <span dir="ltr"><<a href="mailto:das.abhshk@gmail.com" target="_blank">das.abhshk@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="ltr">ReCaptcha already has a really straightforward PHP API. I don't think we need a wrapper around it. Do we?</div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On Fri, Jun 20, 2014 at 6:35 AM, Abbas Naderi <span dir="ltr"><<a href="mailto:abiusx@owasp.org" target="_blank">abiusx@owasp.org</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">ReCaptcha from google is nice, we can have a wrapper on it. For a PHP-only captcha, the problem is that we need font and imaging libraries installed, not available on all systems.<div>


-A<br><div>
<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<span style="border-collapse:separate;color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;border-spacing:0px"><div style="word-wrap:break-word">


<div style="font-weight:normal"><div>______________________________________________________________</div><div><b>Notice:</b><b> </b>This message is <b>digitally signed</b>, its <b>source</b> and <b>integrity</b> are verifiable.</div>


<div>If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at <a href="http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/" target="_blank">Certified E-Mail with Comodo and Thunderbird</a> in <a href="http://AbiusX.com" target="_blank">AbiusX.com</a></div>


</div></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span></div></span>
</div>
<br><div><div><div><div>On Jun 19, 2014, at 7:08 PM, Minhaz A V <<a href="mailto:minhazav@gmail.com" target="_blank">minhazav@gmail.com</a>> wrote:</div><br></div></div><blockquote type="cite"><div><div>
<div dir="ltr">since we are developing whole set of security libraries in here... shouldn't we have one for captcha too?<br>developer could directly use it whenever brute-force exception is thrown (for ex)<br><br>We don't need to develop it, we can just provide good one bundled with phpsec, so that developers do not have to fetch it!<br clear="all">




<div><div dir="ltr"><div><br></div><font color="#444444" face="courier new, monospace">Minhaz, </font><div><font color="#444444" face="courier new, monospace"><a href="http://minhaz.cistoner.org/" target="_blank">minhaz.cistoner.org</a> || <a href="http://cistoner.org/" target="_blank">cistoner.org</a></font></div>




</div></div>
</div></div></div>
_______________________________________________<br>OWASP_PHP_Security_Project mailing list<br><a href="mailto:OWASP_PHP_Security_Project@lists.owasp.org" target="_blank">OWASP_PHP_Security_Project@lists.owasp.org</a><br>


<a href="https://lists.owasp.org/mailman/listinfo/owasp_php_security_project" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp_php_security_project</a><br></blockquote></div><br></div></div><br>_______________________________________________<br>



OWASP_PHP_Security_Project mailing list<br>
<a href="mailto:OWASP_PHP_Security_Project@lists.owasp.org" target="_blank">OWASP_PHP_Security_Project@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp_php_security_project" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp_php_security_project</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div dir="ltr"><font><font face="'trebuchet ms', sans-serif">Abh</font><font face="'trebuchet ms', sans-serif">ishek Das<br>

</font></font><div>
<font face="'trebuchet ms', sans-serif">IIT Roorkee</font></div></div>
</font></span></div>
</blockquote></div><br></div>