http_referer is a good measure... I would also strongly urge you to never put prices
and the like in a (hidden) form field, all those should be generated from a database;
also look into the cf_scriptkill custom tag or the like to prevent embedded scripts
from being run in your form fields.
Good Luck
Eric
Meagher & Geer, PLLP
>>> [EMAIL PROTECTED] 10/12/00 11:37AM >>>
> form to the our site? I don't think i can check
> cgi.http_referer because in
> this case, it will be empty (nothing). And I don't think I
> can reject all
> empty cgi.http_referer because of the cflocation. Any
<CFIF cgi.HTTP_REFERER DOES NOT CONTAIN "http://www.mydomain.com/">
Caught you!
<CFABORT>
</CFIF>
--
Aidan Whitehall <[EMAIL PROTECTED]>
Netshopper UK Ltd
Advanced Web Solutions & Services
http://www.netshopperuk.com/
Telephone +44 (01744) 648650
Fax +44 (01744) 648651
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
------------------------------------------------------------------------------
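An added example (not from the thread or its authors) of the advice about hidden form fields: the order handler takes only a product id and quantity from the form, reads the price from the database, and encodes free text before echoing it. The datasource `shopDSN`, the `products` table and its columns, and the form field names are assumptions; the built-in HTMLEditFormat() stands in here for the cf_scriptkill custom tag mentioned in the thread.

```cfml
<!--- order_process.cfm (added example; datasource, table and field names are assumptions) --->
<cfparam name="form.product_id" default="">
<cfparam name="form.quantity" default="">
<cfparam name="form.comments" default="">

<!--- Accept only a whole-number product id and a quantity of 1 to 999 --->
<cfif NOT REFind("^[0-9]{1,9}$", form.product_id)
      OR NOT REFind("^[0-9]{1,3}$", form.quantity)
      OR Val(form.quantity) LT 1>
  <cfoutput>Invalid order.</cfoutput>
  <cfabort>
</cfif>

<!--- The price is read from the database, never from the request.
      cfqueryparam binds the id as a typed parameter. --->
<cfquery name="getProduct" datasource="shopDSN">
  SELECT product_id, name, unit_price
  FROM products
  WHERE product_id = <cfqueryparam value="#form.product_id#" cfsqltype="cf_sql_integer">
</cfquery>

<cfif getProduct.RecordCount NEQ 1>
  <cfoutput>Unknown product.</cfoutput>
  <cfabort>
</cfif>

<!--- Any form.price or form.total the client sent is deliberately ignored --->
<cfset lineTotal = getProduct.unit_price * Val(form.quantity)>

<cfoutput>
  <p>#HTMLEditFormat(getProduct.name)# x #Val(form.quantity)#: #DollarFormat(lineTotal)#</p>
  <!--- Encode free text so submitted markup is displayed, not executed --->
  <p>Comments: #HTMLEditFormat(form.comments)#</p>
</cfoutput>
```

Because the total is computed from the stored price, a request that arrives with an empty or altered referer cannot change what is charged.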