Question

I'm implementing re-captcha. And I'm just wondering if I have to spend some time implementing CSRF or if a captcha eliminates the need for the CSRF protection?


Solution

I'm unsure how a CAPTCHA would provide any guard against CSRF. CSRF occurs when a user authenticates with a secure site, and then visits a malicious site that then submits requests to the secure site via forms, images, AJAX that leverage that authenticated connection.

CAPTCHA only ensures that someone is a human being, typically for ensuring that a commenter or a new registrant is a person, and not a bot. I would never rely on CAPTCHAs for any sort of security, as bots are now better than humans at reading some of them.
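The two checks answer different questions, which the following added example (not part of the original answer) makes concrete: a CSRF token bound to the session shows the request came from the site's own form, while the CAPTCHA result only says a human was present. `handle_post`, `issue_csrf_token`, `csrf_token_valid`, `SERVER_KEY` and the `captcha_passed` flag are hypothetical names; `captcha_passed` stands in for the outcome of the CAPTCHA provider's server-side verification.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed server-side secret; a real deployment loads this from configuration.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    """HMAC-SHA256 over 'session_id:nonce', binding the token to one session."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the site's own form: random nonce plus its MAC."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def csrf_token_valid(session_id: str, token: Optional[str]) -> bool:
    """True only if the token was issued for this session (constant-time compare)."""
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_post(session_id: str, form: dict, captcha_passed: bool) -> int:
    """Hypothetical handler for a state-changing POST; returns an HTTP status."""
    # A cross-site request can arrive with the user's session cookie attached,
    # so session_id alone does not show the request came from our own form.
    if not csrf_token_valid(session_id, form.get("csrf_token")):
        return 403
    # Separate question: is a human submitting? It never replaces the check above.
    if not captcha_passed:
        return 400
    return 200


if __name__ == "__main__":
    sid = "session-A"  # constructed sample session identifier
    token = issue_csrf_token(sid)
    print(handle_post(sid, {"csrf_token": token}, captcha_passed=True))
    print(handle_post(sid, {}, captcha_passed=True))
```

A request that passes the CAPTCHA but carries no valid token is still rejected, and a token issued for one session is rejected on another.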

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow