hidden form field, you also stick it in a persistent variable scope.
That way you can compare the submitted UUID with the original value. If
they don't match, you know the form has been spoofed and can act
accordingly.
This method will stop the submission of form data without having
actually filled the form, but it wouldn't stop screen-scrapers reading
the hidden field as well as the visible ones. For that you'd need one
of those "type the word you see in the graphic" thingies (I know
there's a name for them but can never remember it).
--
Howard Fore, [EMAIL PROTECTED]
On May 10, 2004, at 10:37 PM, Andrew Grosset wrote:
> I don't follow...couldn't I just copy the uuid and place it in a
> hidden field in MY form and submit that?
>
>> Stick a uuid in a hidden field and check that you get the same one
>> back.
>> cgi.http_referer can't be trusted as it can be easily spoofed.
>
>
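
An added example, not part of the original message or thread: a framework-neutral Python sketch of the check described above, with a dict standing in for the persistent variable scope. `SESSIONS`, `render_form`, `handle_submit` and `demo` are hypothetical names and the session ids are constructed; it covers the copied-UUID case from the quoted question and the read-the-hidden-field case the reply says the token does not stop.

```python
import hmac
import uuid

# Stand-in for the server's persistent (session) scope:
# session id -> {"form_token": token}. Hypothetical structure for this sketch.
SESSIONS = {}

def render_form(session_id):
    """Issue a fresh token, store it server-side, return it with the hidden field."""
    token = str(uuid.uuid4())
    SESSIONS.setdefault(session_id, {})["form_token"] = token
    return token, f'<input type="hidden" name="form_token" value="{token}">'

def handle_submit(session_id, submitted_token):
    """Accept the post only if it carries the token issued to this same session."""
    # pop() makes the token single-use, so a replayed post is rejected as well.
    expected = SESSIONS.get(session_id, {}).pop("form_token", None)
    if expected is None or not submitted_token:
        return False
    # Constant-time comparison of the stored and submitted values.
    return hmac.compare_digest(expected.encode(), submitted_token.encode())

def demo():
    """Constructed scenarios matching the cases discussed in the thread."""
    results = {}
    token_a, _ = render_form("session-A")
    # UUID copied into someone else's form and posted under another session.
    render_form("session-B")
    results["copied_to_other_session"] = handle_submit("session-B", token_a)
    # Post from a session that never requested the form at all.
    results["form_never_requested"] = handle_submit("session-C", token_a)
    # The user the form was rendered for submits it.
    results["legitimate"] = handle_submit("session-A", token_a)
    # The same post sent a second time.
    results["replayed"] = handle_submit("session-A", token_a)
    # Limit of the control: a client that requests the form first and reads
    # the hidden field holds a valid token, so the check alone accepts it.
    token_d, _ = render_form("session-D")
    results["fetched_then_posted"] = handle_submit("session-D", token_d)
    return results

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```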

