Claude Schneegans wrote:
>
>> It is possible to spoof anything in an HTTP request to your server.
>
> Of course, but not in this case.

How do you know that the submission was from your page? Do you check for the http referer on your action page? Like Brad Wood and Dave Francis said, someone could have submitted the data from a similar form without the js checks (like a form copied locally and submitted to your action page).
Or like Sonny Savage mentioned, it could be something simple like js failure. It's happened so often that the 0.001% of your user base has a weird client that displayed the form anyways and jumped your validation and posted to your action page. Or, your js that checks the two required date fields has a bug.

If you have a created-timestamp column on your registration table, you can map the date/time of the insertion against your web server logs to look at the form submission entry, and find out the user-agent and previous GET/POST attempts from the same IP. Also look at the status pages. CF will serve up 500 errors if there was a server exception, like a database error. If someone did try spoofing your submission page, it would have taken him multiple tries to make a successful submission, and this would be logged by the web server. The logs will also show you the referer (this is disabled by default on IIS).

Also, don't eliminate the possibility that the data was not inserted through the action page. Make sure that the logs show that it was inserted by the action page. If your action page inserts into the database, and also cfmails you, then you can at least confirm via the email you received that it was submitted through the website. But if all your action page does is insert into the db and display a "success" screen to your user, then all you have to prove that it was through the website is the weblogs. If you can't find the appropriate web submission in the logs, then you have a db problem.
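The log correlation described in the message above, as an added example that is not part of the original post: it matches a row's created timestamp to POSTs on the action page in an IIS W3C extended log and summarises the same client's earlier requests. The sample log, the page names `/register.cfm` and `/register_action.cfm`, and the function names are assumptions, and the log is assumed to have the user-agent and referer fields enabled.

```python
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended format; IPs, paths and agents are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent) cs(Referer)
2008-06-27 14:01:10 203.0.113.7 GET /register.cfm 200 Mozilla/4.0+(compatible;+MSIE+7.0) -
2008-06-27 14:02:31 198.51.100.9 POST /register_action.cfm 500 ExampleScript/1.0 -
2008-06-27 14:02:58 198.51.100.9 POST /register_action.cfm 500 ExampleScript/1.0 -
2008-06-27 14:03:40 198.51.100.9 POST /register_action.cfm 200 ExampleScript/1.0 -
2008-06-27 14:05:02 203.0.113.7 POST /register_action.cfm 200 Mozilla/4.0+(compatible;+MSIE+7.0) http://www.example.com/register.cfm
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            yield row

def trace_insert(text, created, action_page, form_page, window_s=5, lookback_min=30):
    """Match a DB row's created timestamp to successful POSTs on the action page and
    summarise what the same client did beforehand. An empty result means no web
    submission explains the row. IIS logs in UTC by default: convert `created` first."""
    rows = list(parse_w3c(text))
    findings = []
    for hit in rows:
        if (hit["cs-method"] == "POST" and hit["cs-uri-stem"] == action_page
                and hit["sc-status"][0] in "23"
                and abs(hit["ts"] - created) <= timedelta(seconds=window_s)):
            since = hit["ts"] - timedelta(minutes=lookback_min)
            prior = [r for r in rows
                     if r["c-ip"] == hit["c-ip"] and since <= r["ts"] < hit["ts"]]
            findings.append({
                "ip": hit["c-ip"],
                "user_agent": hit.get("cs(User-Agent)", "-"),
                "referer": hit.get("cs(Referer)", "-"),  # "-" or absent: not logged/sent
                "failed_posts": sum(r["cs-method"] == "POST" and r["sc-status"][0] == "5"
                                    for r in prior),
                "loaded_form": any(r["cs-method"] == "GET" and r["cs-uri-stem"] == form_page
                                   for r in prior),
            })
    return findings

if __name__ == "__main__":
    for f in trace_insert(SAMPLE_LOG, datetime(2008, 6, 27, 14, 3, 41),
                          "/register_action.cfm", "/register.cfm"):
        print(f)
```

A submission with failed POSTs beforehand, no GET of the form and no referer is the pattern the message describes for a client that bypassed the form's js checks.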

