>> I wonder if the hacker can still submit the form with JavaScript turned off? >> How would I go about determining just what the hacker's process is?
At a base level they can copy your form page to their local server then manipulate the form submitting it to your cfc directly. I have seen people even write scripts to open the form page to obtain the server generated settings in the form and then repost them back with scripted manipulated fields. As Justin so aptly said: "Abuse can be a hard problem to solve." Dennis Powers UXB Internet - A website Design and Hosting Company P.O. Box 6028, Wolcott, CT 06716 - T:203-879-2844 W: http://www.uxbinternet.com W: http://www.ctbusinesslist.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354515 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
