CAPTCHA stands for “Completely Automated Public Turing Test To Tell Computers and Humans Apart”. It is a computer program that can prevent automated scripts from accessing web sites by presenting the client with a challenge that humans can answer correctly but computers can’t. The challenges are usually image files containing distorted text.
CAPTCHA has many specific security applications, including the following:
- Preventing comment spam in blogs
- Preventing bots from submitting online registration
- Preventing dictionary attacks in login page
- Preventing search engine bots from indexing your web pages (However, sometimes this is what you want)
How does CAPTCHA work?
Suppose you have a web form that you only want human users to fill out. You can use a CAPTCHA program to prevent automated scripts from submitting the form.
First, on the page that you want to protect, you include the distorted text image generated by your CAPTCHA program, the image ID, and an input textbox where human users enter their responses.
Second, you pass the image ID and the human user’s response to the CAPTCHA program.
Third, the CAPTCHA program will then decide if the response is right or wrong.
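The three steps above, as an added sketch of the server side (not code from the original page). The class and method names are hypothetical, and the single-use and expiry rules are assumptions that go beyond the text; drawing the distorted image is left to whatever image library the site uses.

```python
import hmac
import secrets
import time

# Characters that are easy to confuse (0/O, 1/I) are left out of the alphabet.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


class CaptchaStore:
    """Server-side record of issued challenges: image ID -> (answer, expiry)."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}

    def issue(self):
        """Step 1: create a challenge for the protected page.

        Only the image ID and the rendered image go to the client.
        The answer is returned for the image renderer and stays on the server.
        """
        answer = "".join(secrets.choice(ALPHABET) for _ in range(6))
        image_id = secrets.token_urlsafe(16)  # unguessable, unrelated to the answer
        self._pending[image_id] = (answer, self._clock() + self._ttl)
        return image_id, answer

    def verify(self, image_id, response):
        """Steps 2 and 3: take the image ID and the response, decide right or wrong."""
        # pop() makes every challenge single-use: a solved image ID cannot be
        # replayed, and a wrong guess burns the challenge instead of allowing retries.
        record = self._pending.pop(image_id, None)
        if record is None:
            return False  # unknown, already used, or forged ID
        answer, expires_at = record
        if self._clock() > expires_at:
            return False  # a stale challenge gives solvers unlimited time
        normalized = response.strip().upper()
        return hmac.compare_digest(answer.encode(), normalized.encode())


if __name__ == "__main__":
    store = CaptchaStore()
    image_id, answer = store.issue()
    print("first attempt:", store.verify(image_id, answer))
    print("replayed attempt:", store.verify(image_id, answer))
```

If the form handler compares the response in the browser or embeds the answer in the page, a script can read it directly, which is why the decision in step three is made by the CAPTCHA program on the server.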