Release 2.6.2
Patch Release
This release applies the honeypot deterrent to the current production release, 2.6.1.
Honeypot fields are a basic but effective first-line-of-defense technique.
Cyber attacks via bulk data submissions into an API can be identified and prevented by adding an invisible field to the UI (User Interface) of the registration forms. People accessing the UI directly cannot see the fields; bots/hackers can, because they scrape the HTML rather than the UI. Any data submission with the hidden fields included is prevented from reaching the API.
There would be no change to the existing Journeys from a user perspective.
A Honey Catch
Below is a screenshot of what the user would see on a honey catch. It looks like the request has worked, but SysCode:807 is an indicator that the request has been trapped and this employer account will not be created or sent to Companies House or to Admin for approval. Catches are not logged in the event history or in the database.
The honey catch has been deployed in 3 places:
1. Employer Registration via Companies House
To the user, it looks like the request has worked, but SysCode:807 is an indicator that the request has been trapped and the account will not be created. The registration will not be sent to Companies House or to Admin for approval.
2. Employer Registration without Companies House
3. JobSeeker Registration
Catches are not logged in the event history or in the database.
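The server-side check described above, sketched as an added example; this is not the product's own code. The field name company_website, the response shape, the createAccount callback, and treating a non-empty hidden field as a catch are all assumptions; only SysCode 807 and the no-forwarding, no-logging behaviour come from these notes.

```javascript
// Added example: honeypot check in front of a registration API.
// Assumed names (not from the release notes): HONEYPOT_FIELD value,
// response shape, createAccount callback.
const HONEYPOT_FIELD = "company_website"; // hypothetical hidden form field
const SYSCODE_TRAPPED = 807;              // indicator named in the release notes

// A browser user never sees the field, so it arrives empty or absent.
// Assumption: any non-blank value means an automated submission.
function isHoneyCatch(body) {
  const value = body[HONEYPOT_FIELD];
  if (value === undefined || value === null) return false;
  return String(value).trim() !== "";
}

function handleRegistration(body, createAccount) {
  if (isHoneyCatch(body)) {
    // Same status and message as a real success, so the sender gets no
    // signal to adapt. Nothing is forwarded, and nothing is written to
    // the event history or database.
    return { status: 200, message: "Registration received", sysCode: SYSCODE_TRAPPED };
  }
  // Strip the honeypot field so it never reaches the downstream API.
  const { [HONEYPOT_FIELD]: _unused, ...clean } = body;
  const accountId = createAccount(clean);
  return { status: 200, message: "Registration received", accountId };
}

// Constructed sample submissions, one per outcome.
function demo() {
  const forwarded = [];
  const createAccount = (data) => { forwarded.push(data); return "acct-0001"; };
  const human = handleRegistration(
    { employerName: "Example Ltd", email: "hr@example.test", company_website: "" },
    createAccount);
  const bot = handleRegistration(
    { employerName: "zzz", email: "a@b.test", company_website: "http://spam.test" },
    createAccount);
  return { human, bot, forwardedCount: forwarded.length };
}
```

The check has to run on the server, because a script posting straight to the endpoint never executes any client-side validation.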