What security features are available for form submissions in the Oracle B2C Service application?
May 2010 and newer
Oracle Service Cloud has security features tied to web form submissions. This provides customers with an extra layer of security against malicious botnets and other attacks attempting to compromise site integrity and security.
Sample CAPTCHA dialog
A CAPTCHA opens on the customer portal when the system detects abuse. Daily webform traffic is monitored and when they reach a specific threshold, then CAPTCHA is displayed. If abuse is detected, the system begins injecting CAPTCHA verification dialogs into the pages. When a user successfully completes the CAPTCHA question, the system allows their session to continue as it normally would, and abusive sessions from botnets are terminated.
Hints to keep in mind when you are prompted to be verified through CAPTCHA:
- Be sure to read what type of image it is wanting you to select, as that changes through the session.
- Scroll up and down to see all images.
- Once you do select the expected images and click Verify, it will then show the Login button on the Login screen and the "not a robot" will be pre-selected so that you can now Login.
- Since Captcha images are controlled by Google Captcha we don't have control over what appears there and the requirement for verification.
CAPTCHA cannot be completely disabled, however, the threshold can be set very high so that the customers are not prompted for verification. Contact the Oracle B2C Service team in order to raise the threshold by going to Ask Technical Support.
Customers who wish to have CAPTCHA required on every form (by default) of their end-user pages, may do so as well by editing the FormSubmit widget to include the challenge-required attribute.
1. Open the page containing the form where you want a CAPTCHA to always appear and locate the code for the FormSubmit widget.
2. Edit the FormSubmit widget code to add the challenge_required attribute. Your edited code will resemble the following.
<rn:widget path="input/FormSubmit" label_button="#rn:msg:CREATE_ACCT_CMD#" on_success_url="/app/account/overview" error_location="rn_ErrorLocation" challenge_required="true" />
3. Save the page.
For additional information, refer to the Web Form Security section in online documentation for the version your site is currently running. To access Oracle B2C Service manuals and documentation online, refer to the Documentation for Oracle B2C Service Products.