I agree with this. I run a artwork voting system on a very popular site and before I wasn't checking to see if the values of the votes (I would add up the scores and divide by the # of votes to get an average) were between 1-10 which was on the HTML form. Much to my surprise I found several scores at 1000 and several scores with values BELOW 1 trying to bring down competing pieces of art. Obviously someone had re-written the form and this is a site catering to 13-25 year olds. And there was no profit motivation either.
-----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 1:31 PM To: CF-Talk Subject: RE: CFMX Form Submission Hacking. > It's secure enough to the point where only somebody who can > rewrite the raw HTTP header to look like the one on my > servers, is able to get a hack through. This is hard enough > to do, and enough of a rare case, that if they did that, I'm > sure the admins would eventually (if not immediately) notice > the discrepancy (as it is calculated on the admin side), and > void the transaction. I'm trying to avoid this happening on a > large scale. I think you're overestimating the difficulty of rewriting HTTP headers. I think you're also underestimating the population of computer criminals. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
