Over a year ago, we developed an online application that needed to validate internet users as human beings. We used the Captcha widget from the Mendix Appstore, developed by Mansystems. It was a straightforward Captcha widget and was very simple to implement.
Unfortunately, the widget wasn’t secure enough, as it only presented a fixed sequence of images for every challenge. This meant that our application could easily be exploited by gargoyles and goblins and other things that go bump on the internet.
What to do?
reCaptcha’s purpose is to prevent unlawful or opportunistic access to your internet-facing applications by other computer programs such as scripts or bots. reCaptcha for Mendix is secure because Mendix performs the challenge verification on the server side, using a servlet handler over a secure connection.
There is a Gotcha
One thing to keep in mind is that the latest versions of Modeler 4 introduced some Cloud-ready security features that block outbound connections from the server side, which leaves the Mendix servlet handler unable to contact reCaptcha.net to validate your input.
Give your Mendix app access to port 443 for secure connections to the reCaptcha services by adding the following line to your .policy file, either in your deployment folder or in your Mendix installation:
permission java.net.SocketPermission "api-verify.recaptcha.net:443", "connect";
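As an added example (not code from the original post or from Mendix), the following Java program shows the full grant block the line above belongs in and checks, with java.net.SocketPermission.implies, which connection attempts that grant covers. It illustrates why the host-specific permission is the least-privilege choice compared with a wildcard on port 443; the host example.invalid is a hypothetical placeholder.

```java
import java.net.SocketPermission;

/**
 * Added example, not part of the original post. In a Java .policy file the
 * permission from the post sits inside a grant block, for example:
 *
 *   grant {
 *       permission java.net.SocketPermission "api-verify.recaptcha.net:443", "connect";
 *   };
 *
 * This class evaluates such grants the way the Java security policy does.
 */
public class RecaptchaPolicyCheck {

    /** The connection the Mendix servlet handler needs (host and port from the post). */
    static final SocketPermission NEEDED =
            new SocketPermission("api-verify.recaptcha.net:443", "connect");

    /** Returns true when the policy grant 'granted' covers the connection 'attempted'. */
    static boolean allows(SocketPermission granted, SocketPermission attempted) {
        return granted.implies(attempted);
    }

    public static void main(String[] args) {
        // Host-specific grant as recommended in the post: one host, one port.
        SocketPermission narrow =
                new SocketPermission("api-verify.recaptcha.net:443", "connect");
        // Over-broad alternative: any host on port 443. Avoid this in the .policy file.
        SocketPermission wildcard = new SocketPermission("*:443", "connect");

        // Connections the runtime should not be allowed to make:
        // a hypothetical placeholder host, and plain HTTP to the reCaptcha host.
        SocketPermission otherHost = new SocketPermission("example.invalid:443", "connect");
        SocketPermission plainHttp =
                new SocketPermission("api-verify.recaptcha.net:80", "connect");

        System.out.println("narrow   covers recaptcha:443 : " + allows(narrow, NEEDED));    // true
        System.out.println("narrow   covers other:443     : " + allows(narrow, otherHost)); // false
        System.out.println("narrow   covers recaptcha:80  : " + allows(narrow, plainHttp)); // false
        System.out.println("wildcard covers other:443     : " + allows(wildcard, otherHost)); // true
    }
}
```

Run it with a recent JDK (the SocketPermission class is still present even where the SecurityManager is deprecated) to see that only the wildcard grant would let the runtime reach arbitrary hosts.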