1
0
Fork 0
forked from mCaptcha/website
mcaptcha-website/content/docs/webmasters/terminology/index.md

86 lines
3.4 KiB
Markdown

---
title: "Terminology"
description: "Information about terminology used in mCaptcha, some of which unique to the project"
lead: ""
date: 2022-07-27T08:48:45+00:00
lastmod: 2020-07-27T08:48:45+00:00
draft: false
menu:
docs:
parent: "Webmasters"
---
## Authorization token
When a visitor solves the CAPTCHA and sends their solution to an
mCaptcha instance, the solution will be verified for correctness. If the
solution is correct, mCaptcha will return a single use authorization token.
This authorization token should be attached to the visitor's requited to the
protected service and the protected service should validity of the
authorization token with the mCaptcha instance and only allow authorization to
protected resource if the authorization token is valid.
## Cooldown Period
mCaptcha implements leaky bucket algorithm to measure
current traffic levels. Cooldown period specifies the leak or the time
after which a visitor addition is decremented.
For instance, if initial traffic level is 0 and a user visits one
second later, the traffic level will be incremented to 1. Now, if the
cooldown period is set to 30 seconds, the traffic level will be
decremented after 30 seconds. So after 30 seconds, the traffic level will
go from 1 to 0.
## Difficulty Factor
Difficulty factor determines the time it takes to solve a CAPTCHA. The
higher the difficulty factor, the longer it will take to generate a
proof of work for it to solve the CAPTCHA.
mCaptcha's proof of work based mechanism makes it highly accessible to
people with special needs but it is important to choose the difficulty factor
with care as very high difficulty factors will make the CAPTCHA
inaccessible to users on slow devices.
## Sitekey
Site key is a unique identifier associated with CAPTCHA configurations
created on mCaptcha. It is required to integrate a CAPTCHA with your
website.
## Visitor Threshold
mCaptcha's variable difficulty factor mechanism requires a website's traffic
statistics be split into levels, so that it can deploy the right
difficulty factor for each level.
Visitor threshold is used to traffic into levels and mCaptcha accepts a
difficulty configuration for each of these levels. When current traffic
exceeds a difficulty factor, mCaptcha will increase the difficulty
factor to the next configured level.
For instance, consider the configuration given below:
- Cool down period: 30 seconds
| Level | Difficulty Factor | Visitor Threshold |
| ----- | ----------------- | ----------------- |
| 1 | 5,000 | 2,000 |
| 2 | 50,000 | 5,000 |
| 3 | 500,000 | 10,000 |
| 4 | 5,000,000 | 15,000 |
If the website sees 2,000 requests in a 30 second window, level 1
difficulty factor(5,000) will be deployed. If the traffic increases to
5,000 requests in a 30 second window, then difficulty factor will be
upgraded to level 2(50,000). Likewise 10,000 and 15,000 requests over 30
seconds will result in difficulty factor being upgraded to 500,000 and
5,000,000 respectively.
Visitor threshold is how mCaptcha determines which difficulty factor
level to deploy. mCaptcha uses leaky bucket algorithm to keep the
visitor threshold constantly updated within the configured cool down
period. So, at any given moment the, the current visitor level will be
the amount of traffic that was served in the cool down period specified.