I know CAPTCHA/reCAPTCHA is good at preventing spam posts, as bots normally cannot bypass the challenges given by CAPTCHA/reCAPTCHA, and it thereby prevents bots from submitting forms automatically.
Suppose there is a site in which only logged-in users are able to submit the form. This reduces the risk of arbitrary form submission. But a user can still log in, get a session and make use of bots for form submission. So, here also CAPTCHA/reCAPTCHA can help.
I am developing a website and was wondering how CAPTCHA/reCAPTCHA can still help in terms of performance.
For example, even if we use CAPTCHA/reCAPTCHA, the form submission still happens (unless the CAPTCHA gets validated in JavaScript, which does not make any sense) and the server needs to communicate with the CAPTCHA provider (or process it internally). So, if somebody is flooding the system with multiple requests, effectively the server load may be higher than in the case of submission without CAPTCHA (even if database processing is involved).
Similarly, even if somebody wants to flood the server and bring it down, multiple requests can be fired on a page which fetches data from the DB (maybe using different IPs) and still bring down the server. I.e., this may not give any protection from a determined attacker.
So why is CAPTCHA/reCAPTCHA used, and how does it help us in reducing server load? Please answer in the context of using CAPTCHA/reCAPTCHA and not in terms of using any other methods. Probably a better use of CAPTCHA/reCAPTCHA is in the login form to prevent brute-force attacks or to prevent spam bots from making entries in databases using form submission. But this may not increase the performance in any way. Am I right here?
My knowledge of programming is limited and this may be a silly question. But I am not able to clear my doubt even after a lot of reading, and hence I am posting this question here. Thanks.