On pages where I want to be sure that the data comes from on-site, I check the
CGI.HTTP_REFERER variable. If it doesn't match the host name and script
name I'm expecting, I abort the page.
If you're really concerned about spoofing of the referrer, you could try to insert an
encoded timestamp in a hidden field on the form.
It all depends on how secure you need your form to be.
Brian Fox wrote:
> Greetings -
>
> Is there any way to detect a forged form using Cold Fusion?
>
> Let's say some Cold Fusion generated form contains a list of 20 different
> employees categorized by condition X (where you can edit information on each
> employee). I can conceive of someone saving the form as html, adding a 21st
> employee who doesn't meet the category X specification, and submitting. I
> suppose the SQL statement on both the form generator and form processor
> could each check for the proper conditions, but because of the nature of the
> project, this ends up creating very complex SQL statements.
>
> Is there any other way to check the validity of a submitted form?
>
> Thanks,
> Brian
>
>
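The hidden-field idea from the reply above, as an added example that is not part of the original thread: the server signs the timestamp together with the employee IDs it rendered, so a saved-and-edited form with a 21st employee fails the check without extra SQL. It is written in Python to show the logic rather than in ColdFusion; the key, the 30-minute lifetime and all function names are assumptions.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret that is never sent to the browser.
SECRET_KEY = b"constructed-demo-key-replace-me"
MAX_AGE_SECONDS = 1800  # assumption: a rendered form is valid for 30 minutes


def _payload(issued_at, employee_ids):
    # Canonical form: timestamp plus the sorted IDs the form was built with.
    ids = ",".join(str(i) for i in sorted(set(employee_ids)))
    return f"{issued_at}|{ids}"


def _mac(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_form_token(employee_ids, now=None):
    """Value for the hidden field, computed when the form is generated."""
    issued_at = int(time.time() if now is None else now)
    payload = _payload(issued_at, employee_ids)
    return f"{payload}|{_mac(payload)}"


def verify_submission(token, submitted_ids, now=None):
    """Return (ok, reason) for a posted form and the IDs it tries to edit."""
    try:
        ts_text, ids_text, mac = token.split("|")
        issued_at = int(ts_text)
        allowed = {int(i) for i in ids_text.split(",") if i}
        posted = {int(i) for i in submitted_ids}
    except ValueError:
        return False, "malformed token"
    expected = _mac(_payload(issued_at, allowed))
    # Constant-time comparison of the received and recomputed signatures.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad signature"
    age = int(time.time() if now is None else now) - issued_at
    if age < 0 or age > MAX_AGE_SECONDS:
        return False, "expired"
    extra = posted - allowed
    if extra:
        return False, f"unexpected ids: {sorted(extra)}"
    return True, "ok"
```

The token is not tied to a user, so anyone holding a valid one can reuse it until it expires; including a session identifier in the signed payload closes that gap.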