I used to create a uuid, store it in a persistent scope, hash it, put
that in the hidden form field and then do a comparison on the form post
side.  I thought this would stop scrapers as they couldn't know the hash
source.

I threw this out here in another thread and asked if it had holes.  Dave
Watts pointed out that anyone can visit the form page and take the
hidden field and the key pair cookie values.  Once they have those and
can fake headers they can blow right past pretty much anything but the
gif-code thingie, but even that just requires a human to submit.

I'd recommend doing all of the tests you can think of.  Referrers,
request method, hidden fields, input scrubbing, cfqueryparam etc.  But I
don't think the solution can be made truly ironclad.

--------------------------------------------
Matt Robertson       [EMAIL PROTECTED]
MSB Designs, Inc.  http://mysecretbase.com
--------------------------------------------
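Added illustration, not code from the thread: the uuid-in-persistent-scope scheme described above, modeled in Python with an in-memory dict standing in for the persistent scope and SHA-256 as the hash (an assumption, the post names no hash), with two client behaviours that show Dave Watts' point: a blind POST is rejected, but a client that loads the form once and replays the cookie plus hidden field is accepted.

```python
import hashlib
import secrets
import uuid

# Stand-in for the server's "persistent scope": session cookie -> stored uuid.
SESSIONS: dict[str, str] = {}


def render_form() -> tuple[str, str]:
    """Serve the form page: set a session cookie, store a fresh uuid in the
    persistent scope, and embed only the hash of that uuid in a hidden field."""
    session_id = secrets.token_hex(16)
    SESSIONS[session_id] = str(uuid.uuid4())
    hidden_field = hashlib.sha256(SESSIONS[session_id].encode()).hexdigest()
    return session_id, hidden_field


def handle_post(session_id: str, hidden_field: str) -> bool:
    """Form-post side: recompute the hash from the stored uuid and compare.
    The uuid is consumed on first use so the same cookie/field pair cannot
    be submitted twice (single-use token; an addition, not in the post)."""
    source = SESSIONS.pop(session_id, None)
    if source is None:
        return False
    expected = hashlib.sha256(source.encode()).hexdigest()
    return secrets.compare_digest(expected, hidden_field)


def blind_post() -> bool:
    """A client that POSTs without ever loading the form page: rejected,
    because it has neither a valid cookie nor the matching hidden field."""
    return handle_post("no-such-session", "0" * 64)


def fetch_then_post() -> bool:
    """A client that loads the form first, keeps the cookie and the hidden
    field it was handed, and posts them back: accepted. The check proves the
    form page was fetched, nothing about who filled it in."""
    cookie, field = render_form()
    return handle_post(cookie, field)
```

The single-use step only blocks resubmitting one captured pair; a client that fetches the form again gets a fresh valid pair, which is why the thread concludes the check cannot be made ironclad.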