|
|
|
EU CAPTCHA and similar systems depend on Captcha validation on the receiving end of the request, in order to verify the integrity of the author of the request and avoid any non-human activity coming from entities like bots.
|
|
|
|
EU CAPTCHA can be integrated either in the front-end or in the back-end of your application. While this choice is up to the developer, **we strongly recommend back-end implementation for security reasons**.
|
|
|
|
When using front-end implementation, the response to the CAPTCHA challenge is first transmitted to the EU CAPTCHA managed service, and the CAPTCHA validation response is then returned directly to your application front-end. This results in the possibility of bypassing the entire solution by intercepting the CAPTCHA validation response communication. An attacker or a bot could tamper the validation response through a local proxy so that it always validates the CAPTCHA.
|
|
|
|
This risk can be decreased by implementing additional front-end mitigations, but implementing the required validation procedure in the back-end of the application is the only option for fully securing it against this type of attack.
|
|
|
|
|
|
|
|
|
|
|
|
<span dir="">EU CAPTCHA is multilingual with support for all official languages from the European Union. It allows you to make a request to the EU CAPTCHA Managed Service REST API using the desired language. You can include the unique language _code_ of the desired language as a query parameter (see also Language table 1). By default, the configured language is English. If the CAPTCHA solution is used on an internationalized page, further configuring EU CAPTCHA can be helpful for the user. The user can select the preferred language themselves from a drop-down list, or the developer pre-configures via integration configuration.</span>
|
|
|
|
|
|
|
|
|
| ... | ... | |
