forked from mCaptcha/website
86 lines
3.4 KiB
Markdown
86 lines
3.4 KiB
Markdown
---
|
|
title: "Terminology"
|
|
description: "Information about terminology used in mCaptcha, some of which unique to the project"
|
|
lead: ""
|
|
date: 2022-07-27T08:48:45+00:00
|
|
lastmod: 2020-07-27T08:48:45+00:00
|
|
draft: false
|
|
menu:
|
|
docs:
|
|
parent: "Webmasters"
|
|
---
|
|
|
|
## Authorization token
|
|
|
|
When a visitor solves the CAPTCHA and sends their solution to an
|
|
mCaptcha instance, the solution will be verified for correctness. If the
|
|
solution is correct, mCaptcha will return a single use authorization token.
|
|
|
|
This authorization token should be attached to the visitor's requited to the
|
|
protected service and the protected service should validity of the
|
|
authorization token with the mCaptcha instance and only allow authorization to
|
|
protected resource if the authorization token is valid.
|
|
|
|
## Cooldown Period
|
|
|
|
mCaptcha implements leaky bucket algorithm to measure
|
|
current traffic levels. Cooldown period specifies the leak or the time
|
|
after which a visitor addition is decremented.
|
|
|
|
For instance, if initial traffic level is 0 and a user visits one
|
|
second later, the traffic level will be incremented to 1. Now, if the
|
|
cooldown period is set to 30 seconds, the traffic level will be
|
|
decremented after 30 seconds. So after 30 seconds, the traffic level will
|
|
go from 1 to 0.
|
|
|
|
## Difficulty Factor
|
|
|
|
Difficulty factor determines the time it takes to solve a CAPTCHA. The
|
|
higher the difficulty factor, the longer it will take to generate a
|
|
proof of work for it to solve the CAPTCHA.
|
|
|
|
mCaptcha's proof of work based mechanism makes it highly accessible to
|
|
people with special needs but it is important to choose the difficulty factor
|
|
with care as very high difficulty factors will make the CAPTCHA
|
|
inaccessible to users on slow devices.
|
|
|
|
## Sitekey
|
|
|
|
Site key is a unique identifier associated with CAPTCHA configurations
|
|
created on mCaptcha. It is required to integrate a CAPTCHA with your
|
|
website.
|
|
|
|
## Visitor Threshold
|
|
|
|
mCaptcha's variable difficulty factor mechanism requires a website's traffic
|
|
statistics be split into levels, so that it can deploy the right
|
|
difficulty factor for each level.
|
|
|
|
Visitor threshold is used to traffic into levels and mCaptcha accepts a
|
|
difficulty configuration for each of these levels. When current traffic
|
|
exceeds a difficulty factor, mCaptcha will increase the difficulty
|
|
factor to the next configured level.
|
|
|
|
For instance, consider the configuration given below:
|
|
|
|
- Cool down period: 30 seconds
|
|
|
|
| Level | Difficulty Factor | Visitor Threshold |
|
|
| ----- | ----------------- | ----------------- |
|
|
| 1 | 5,000 | 2,000 |
|
|
| 2 | 50,000 | 5,000 |
|
|
| 3 | 500,000 | 10,000 |
|
|
| 4 | 5,000,000 | 15,000 |
|
|
|
|
If the website sees 2,000 requests in a 30 second window, level 1
|
|
difficulty factor(5,000) will be deployed. If the traffic increases to
|
|
5,000 requests in a 30 second window, then difficulty factor will be
|
|
upgraded to level 2(50,000). Likewise 10,000 and 15,000 requests over 30
|
|
seconds will result in difficulty factor being upgraded to 500,000 and
|
|
5,000,000 respectively.
|
|
|
|
Visitor threshold is how mCaptcha determines which difficulty factor
|
|
level to deploy. mCaptcha uses leaky bucket algorithm to keep the
|
|
visitor threshold constantly updated within the configured cool down
|
|
period. So, at any given moment the, the current visitor level will be
|
|
the amount of traffic that was served in the cool down period specified.
|