> Offsite forms can be submitted to use your email templates as
> Spam blasters or else to send Spam to you, and such
> submittals can be automated so they'll do their dirty work
> without any human intervention. I just recently had this
> problem with some creep attacking a site of mine with a robot
> every couple of hours and solved it this way:
>
> <CFIF CGI.HTTP_REFERER DOES NOT CONTAIN "http://mywebsite.com">
>
> Error message presented (mine is quite nasty)
>
> <CFABORT>
>
> </CFIF>
>
> I'm not sure how someone could spoof a domain name to defeat
> this, probably by screwing around with the headers but they'd
> have to know or be determined enough to figure out what they
> needed to do.

Here's the header you'd have to include.

Referer: http://mywebsite.com/

Not too much to that, is there? If you want to prevent people from running your code, that's what authentication and authorization is for.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277634
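
The Referer test in the quoted message trusts a value the client supplies. As an added example (not code from either poster), the template below instead checks a token the server stored in the visitor's session when it served the form. The template name contact.cfm, the application name and the field names are hypothetical, and session management is assumed to be available.

```cfml
<!--- contact.cfm: added example, not code from the thread. Template name,
      application name and field names are hypothetical. --->
<cfapplication name="contactDemo" sessionmanagement="yes">

<cfif CGI.REQUEST_METHOD EQ "POST">
  <!--- Compare the posted token with the copy held server-side, then
        discard it so each issued form can be submitted only once. --->
  <cflock scope="session" type="exclusive" timeout="5">
    <cfset tokenOk = StructKeyExists(session, "formToken")
                 AND StructKeyExists(form, "formToken")
                 AND Compare(form.formToken, session.formToken) EQ 0>
    <cfset StructDelete(session, "formToken")>
  </cflock>

  <cfif NOT tokenOk>
    <!--- No session, no token, or a reused token: refuse before any mail is sent. --->
    <cfheader statuscode="403" statustext="Forbidden">
    <cfoutput>This form must be submitted from the page that issued it.</cfoutput>
    <cfabort>
  </cfif>

  <!--- Token matched: the existing mail-sending code goes here. --->
  <cfoutput>Thank you, your message was accepted.</cfoutput>
<cfelse>
  <!--- GET: issue a fresh token tied to this visitor's session. --->
  <cflock scope="session" type="exclusive" timeout="5">
    <cfset session.formToken = CreateUUID()>
  </cflock>
  <cfoutput>
  <form action="contact.cfm" method="post">
    <input type="hidden" name="formToken" value="#session.formToken#">
    <textarea name="message"></textarea>
    <input type="submit" value="Send">
  </form>
  </cfoutput>
</cfif>
```

The decision here rests on state the server holds, so a bare POST is refused whatever Referer it carries. It ties a submission to a page the server actually issued but does not identify the sender, which remains the job of the authentication and authorization mentioned in the reply.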

