That's where I started... but the thing is, I think they can spoof that variable? Or not?
--------------------------------------------------------
Eric J. Hoffman
Managing Partner
2081 Industrial Blvd
Stillwater, MN 55082
mail: [EMAIL PROTECTED]
www: http://www.ejhassociates.com
tel: 651.717.4105
fax: 651.717.4101
mob: 651.245.2717
Adobe Solutions Partner
Microsoft Certified Partner
--------------------------------------------------------

This message contains confidential information and is intended only for [EMAIL PROTECTED] If you are not cf-talk@houseoffusion.com you should not disseminate, distribute or copy this e-mail. Please notify [EMAIL PROTECTED] immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Eric J. Hoffman therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
--------------------------------------------------------

-----Original Message-----
From: AJ Mercer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 08, 2007 9:53 PM
To: CF-Talk
Subject: Re: defeating offline form posts

Have a look at the CGI variables, in particular CGI.HTTP_REFERER. This is the page before the current one - it should have your server details in there, otherwise discard.

On 5/9/07, Eric J. Hoffman <[EMAIL PROTECTED]> wrote:
>
> Curious question here. If I think about this, if someone takes a form
> of ours for login, for example, and makes a local copy on their
> machine... and they set the post action to be the live server
> authenticate file... what is the best way to detect this and defeat it?
> No one has ever gained access this way as of yet, but we are studying
> possibilities, and this seems to me to be an attack vector.
>
> Any thoughts?
> A check to see if the referrer was the domain
> name/login file name? Or can that be spoofed as well then?
>
> Thanks~!
>
> Eric J. Hoffman
> Managing Partner

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277373
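The two questions in the thread, whether CGI.HTTP_REFERER can be spoofed and what actually defeats an offline copy of the login form, in runnable form. This is an added example, not code from the thread or from ColdFusion; it is plain Python rather than CFML so it runs stand-alone, and the host name `www.example.com`, the `LoginServer` class and the scenario names are illustrative assumptions. The dicts standing in for request headers, form fields and server sessions play the roles CGI, FORM and SESSION scopes play on a CF server. Referer is a header the client chooses to send, so any HTTP client (curl, a script, a browser extension) can supply exactly the value a referer check expects; what the offline copy cannot supply by itself is a single-use token the server issued to a live session.

```python
"""Referer check vs. session-bound form token against an offline copy of a login form.

Added example, not code from the CF-Talk thread or from ColdFusion. Plain Python,
no web framework; host name, class and function names are illustrative assumptions.
"""
import hmac
import re
import secrets

SITE_HOST = "www.example.com"  # assumed host name of the live server


class LoginServer:
    """Holds server-side sessions and issues one single-use token per login form."""

    def __init__(self):
        self.sessions = {}  # session_id -> {"form_token": token}

    def serve_login_form(self):
        """GET /login: start a session and embed a fresh token in the form.

        Returns (session_id, html). session_id stands for the session cookie the
        browser stores; the token travels inside the HTML the browser renders.
        """
        session_id = secrets.token_urlsafe(16)
        token = secrets.token_urlsafe(32)
        self.sessions[session_id] = {"form_token": token}
        html = (
            f'<form method="post" action="https://{SITE_HOST}/authenticate">'
            f'<input type="hidden" name="form_token" value="{token}">'
            '<input name="username"><input name="password" type="password">'
            '</form>'
        )
        return session_id, html

    def referer_only_check(self, headers):
        """The check proposed in the thread: accept if Referer names our host.

        Referer is an ordinary request header chosen by the client, so passing
        this check only means the client *claimed* it came from our page.
        """
        return headers.get("Referer", "").startswith(f"https://{SITE_HOST}/")

    def token_check(self, session_id, form):
        """Accept only a token this server issued to this session, and only once."""
        session = self.sessions.get(session_id)
        if session is None:
            return False
        expected = session.pop("form_token", None)  # consumed on first use
        if expected is None:
            return False
        # Constant-time compare so a mismatch leaks nothing about the expected value.
        return hmac.compare_digest(expected, form.get("form_token", ""))


def extract_token(html):
    """What a browser, or an attacker saving the page, ends up holding."""
    return re.search(r'name="form_token" value="([^"]+)"', html).group(1)


def run_scenarios():
    """Four POSTs against one server; each result is (referer_ok, token_ok)."""
    server = LoginServer()
    results = {}
    # A real browser sends this header; so can any script that wants to.
    headers = {"Referer": f"https://{SITE_HOST}/login"}

    # 1. Real browser: GET the form, POST it back within the same session.
    sid, html = server.serve_login_form()
    form = {"form_token": extract_token(html), "username": "alice", "password": "constructed"}
    results["legit"] = (server.referer_only_check(headers), server.token_check(sid, form))

    # 2. Offline copy posted with no server session behind it. The forged
    #    Referer satisfies the referer check; the token has no session to match.
    stale_form = dict(form, password="guess1")
    results["offline_no_session"] = (
        server.referer_only_check(headers),
        server.token_check("no-such-session", stale_form),
    )

    # 3. Attacker fetches the real form once (as any visitor can), saves it, and
    #    posts from a script with the session cookie and the forged Referer.
    #    Indistinguishable from scenario 1 and accepted: the token only proves
    #    that a GET of the real form preceded this POST in this session.
    att_sid, att_html = server.serve_login_form()
    att_form = {"form_token": extract_token(att_html), "username": "alice", "password": "guess2"}
    results["saved_copy_first_post"] = (
        server.referer_only_check(headers),
        server.token_check(att_sid, att_form),
    )

    # 4. The same saved copy replayed: the token was consumed in 3, so every
    #    further attempt forces the attacker back through a fresh GET.
    results["saved_copy_replay"] = (
        server.referer_only_check(headers),
        server.token_check(att_sid, dict(att_form, password="guess3")),
    )
    return results


if __name__ == "__main__":
    for name, (referer_ok, token_ok) in run_scenarios().items():
        print(f"{name:24s} referer_check={referer_ok!s:5s} token_check={token_ok}")
```

The referer check passes in all four scenarios, which is the whole point: it distinguishes nothing. It also rejects real users in practice, since browsers omit Referer under some privacy settings and on HTTPS-to-HTTP navigations, so a hard requirement on it loses logins without stopping anyone. The session-bound token is the check worth having, in ColdFusion held in the SESSION scope at form-render time and compared against the posted FORM field at authenticate time. Be clear about what it buys: it guarantees that each POST was preceded by a GET of the real form in the same session, which kills blind replays of a saved copy, but an attacker who scripts the GET as well as the POST is still just a user with a fresh token each time. Password guessing against the authenticate handler is therefore a rate-limiting and lockout problem, not a form-origin problem.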