Over three days we will be releasing Rails Plugins extracted from LogiLogi.org in a little Plugin Triathlon. And then on Sunday, the fourth day, we will present the three of them (at least two, three if time permits) in the Ruby and Rails room of the FOSDEM in Brussels. And the first one is released today. It is Thorny Form
Thorny Form is a Rails plugin for unobtrusively protecting forms against form-SPAM. It adds extra fields like a honeypot and some others which can then be checked before the form-data is used in your application. It is not an unbreakable solution, but it is likely to continue to work for quite some time. The following joke from Ned Batchelders blog nicely sketches why:
> Jim and Joe are out hiking in the forest, when in the distance, they see a huge bear. The bear notices them, and begins angrily running toward them. Jim calmly checks the knots of his shoes and stretches his legs.
> Joe asks incredulously, “What are you doing? Do you think you can outrun that bear!?”
> Jim replies, “I don’t have to outrun the bear, I just have to outrun you.”
To use Thorny Form you just need to change two lines per form. First in the view form_for has to be replaced by thorny_form_for (remote_form_for by remote_thorny_form_for). Then in the controller you have to add a check for spam in the shape of self.thorny_form_free_of_spam?. See the full Thorny Form docs for a code example and installation instructions.