Jerboa app and Lemmy 0.18

Ruud@lemmy.worldmod to Lemmy.World Announcements@lemmy.world – 107 points –

The 0.18 version of Lemmy was announced. This will solve many issues.

But we can't upgrade yet because the captcha was removed, and captcha relied on Websockets, which are removed in 0.18 so despite the devs agreeing on my request to add captcha back, this will not be until 0.18.1. Without captcha we will be overrun by bots.

Hopefully this 0.18.1 will be released soon, because another issue is that the newest version of the Jerboa app won't work with servers older than 0.18. So if you're on Lemmy.world, please (temporarily) use another app or the web version.

124

You are viewing a single comment

Captchas depended on websockets which were removed.

https://github.com/LemmyNet/lemmy/issues/3200#issuecomment-1600505757

"Note that captcha uuids and answers were stored in-memory in the websocket server which is removed now, so its necessary to add a new database table for captchas."

No need for a database table, just encrypt the solution and encode it in the filename.

You don't want to provide any more info to the client that you need to. Otherwise someone can write a robot that decrypts that filename and breaks the captcha.

Encrypted means encrypted with real cryptography, using a secret key known only to the server. If a random robot can break that, we are all in trouble. Almost all internet security depends on basically similar cryptography.