What security features are available for form submissions in the Oracle B2C Service application?

Environment:

CAPTCHA

Resolution:

Oracle B2C Service has security features tied to web form submissions. This provides customers with an extra layer of security against malicious botnets and other attacks attempting to compromise site integrity and security.

Sample CAPTCHA dialog

A CAPTCHA opens on the customer portal when the system detects abuse. Daily webform traffic is monitored and when they reach a specific threshold, then CAPTCHA is displayed.  If abuse is detected, the system begins injecting CAPTCHA verification dialogs into the pages.  When a user successfully completes the CAPTCHA question, the system allows their session to continue as it normally would, and abusive sessions from botnets are terminated.

Hints to keep in mind when you are prompted to be verified through CAPTCHA:

1. Be sure to read what type of image it is wanting you to select, as that changes through the session.
2. Scroll up and down to see all images.
3. Once you do select the expected images and click Verify, it will then show the Login button on the Login screen and the "not a robot" will be pre-selected so that you can now Login. 
4. Since Captcha images are controlled by Google Captcha we don't have control over what appears there and the requirement for verification.

CAPTCHA cannot be completely disabled, however, the threshold can be set very high so that the customers are not prompted for verification. Contact the Oracle B2C Service team in order to raise the threshold by going to Pergunte ao Suporte Técnico.

Customers who wish to have CAPTCHA required on every form (by default) of their end-user pages, may do so as well by editing the FormSubmit widget to include the challenge-required attribute.

1. Open the page containing the form where you want a CAPTCHA to always appear and locate the code for the FormSubmit widget.

2. Edit the FormSubmit widget code to add the challenge_required attribute. Your edited code will resemble the following.
     
<rn:widget path="input/FormSubmit" label_button="#rn:msg:CREATE_ACCT_CMD#" on_success_url="/app/account/overview" error_location="rn_ErrorLocation" challenge_required="true" />

3. Save the page.

Para informações adicionais, consulte a seção Web Form and Survey Security na documentação on-line para a versão que seu site está executando no momento. Para acessar os manuais e a documentação on-line do Oracle B2C Service, consulte a Documentação para produtos Oracle B2C Service.