Google Recaptcha

1
votes

I'm new to using Google Recaptcha and wondering if the response a user types into the recaptcha field can be stored/sent to my own server or does it go directly to Google without me having ability to know what user typed in?

And is it possible for me to show captcha from another website on my own website?

2
securitycaptcharecaptcha
Didn't google switch to using the "I'm not a robot" checkbox? In either case, they are both in an iframe, and all the restrictions of capturing that data are the same as accessing any data in an iframe.Gray
You seem to be asking 2 completely different questions here - it would be preferable to separate these into 2 separate questions (although you'd probably at least need to elaborate a bit on the second question - as it stands it's probably too broad and unclear) (although it's possible that neither question is appropriate to begin with).Bernhard Barker
What do you really want to achieve? Please give us a hint what you want. Then it would be a lot easier to help you!bestprogrammerintheworld
If you are using recaptcha v2, check "Igor Savinkin" answer,he has explained in detail. Your second question is not clear.radiant

2 Answers

1
votes

ReCaptcha v2.0

As for the reCaptcha v2.0 introduced to the end of 2014, this is the new kind, the behaviour captcha. So the google checks user clicking captcha based on his behaviour, not interacting with your server. Google puts response in special form's hidden text-area field into HTML of a web page in user's browser: g-recaptcha-response field. Yet, after that user submits the form along with this field to your server and you still need to check if the clicked user is bot or not because you need to decode g-recaptcha-response (time and client depending). You do it by sending g-recaptcha-response to google's server and getting back true or false.

Resume:

  1. Google interacts with client's reCaptcha undependently of your server.
  2. As user submits the form you get response value, yet it's encoded.
  3. You are responsible to decode it, again sending it to google.

Read more here.

0
votes

According to the Google reCAPTCHA docs, it needs your application to send a POST request to a website to verify with 2 parameters, so it goes through your application, but after that, it goes to the Google server, then comes back to you with a JSON object. So yes, when a user submits your form, you have to handle it, so you can store it, but I have no idea what the response says anyway. Here is more information.

And no, you cannot show another CAPTCHA - you need a custom private and public key, for your and Google's use. If you need help implementing your own CAPTCHA, click here. But keep in mind, like @Gray said, they made reCAPTCHA v2.