The built-in script protection has a Secunia vulnerability posted against it stating there is a method to circumvent it. You can find it here: http://secunia.com/advisories/23281/
Simply checking that the domain submitting is the referral, etc., is not always foolproof, as we've found individuals on certain proxies get bounced every time as performing invalid actions when they were not. The solution we came up with was salting a hash based on certain key pieces of information that come from the (authenticated) user with some randomization added, and putting that as a hidden field in all forms. If the hash doesn't match up we bounce 'em before the form processing occurs.

- dk

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271745
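The hidden-field check described in the message above, sketched as an added example (not the poster's code, and in Python rather than CFML). It swaps the "salted hash" for an HMAC-SHA256 keyed with a server-side secret; the field name `form_token`, the function names and the user/session values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-application secret kept server-side (constructed here).
SERVER_SECRET = secrets.token_bytes(32)


def _mac(user_id: str, session_id: str, nonce: str) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(p).to_bytes(4, "big") + p
        for p in (user_id.encode(), session_id.encode(), nonce.encode())
    )
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_form_token(user_id: str, session_id: str) -> str:
    """Value for the hidden form field: random nonce plus keyed hash."""
    nonce = secrets.token_hex(16)  # the "randomization" part
    return f"{nonce}.{_mac(user_id, session_id, nonce)}"


def verify_form_token(token, user_id: str, session_id: str) -> bool:
    """Run before any form processing; False means bounce the request."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False  # missing or malformed hidden field
    nonce, supplied = token.split(".")
    expected = _mac(user_id, session_id, nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied.encode(), expected.encode())


def hidden_field(user_id: str, session_id: str) -> str:
    """HTML to embed in every form rendered for this authenticated user."""
    token = issue_form_token(user_id, session_id)
    return f'<input type="hidden" name="form_token" value="{token}">'
```

Because the token is bound to the authenticated user and session rather than to the Referer header, a proxy that strips or rewrites the referrer does not cause a legitimate submission to be rejected.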

