Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Any harm in using global domain validity when obtaining ReCAPTCHA public/private keys?

Tags:

recaptcha

Just curious - is there any risk in using a public/private key obtained from ReCAPTCHA for intended use only on one domain, but then we ending up using it for another one.

I intended to obtain it for a specific domain, but mistakenly took the public/private key as a 'global key':

This is a global key. It will work across all domains.

Is it a 'bad thing' to use 'global keys' as opposed to one for a specific domain?

like image 868
siliconpi Avatar asked Nov 14 '22 16:11

siliconpi


1 Answers

This question was about the general subject of Google recaptcha public and private key. In one of the answers https://stackoverflow.com/q/5839628/321143 your question, about the safety of using the same key for more than one website, is addressed. It seems to be okay to do so:

Yes that's perfectly ok to use the same key pair for both local testing and server deployment (as long as you keep your private key a secret).

and

I personally use same pair of keys at 3 of my seperate web sites + at my home computer at localhost:80 for testing purposes. They all work very well

like image 64
Ellie Kesselman Avatar answered Jun 06 '23 21:06

Ellie Kesselman