set a session var on the form page and check it on the action. "Jim McAtee" <[EMAIL PROTECTED]> wrote: Validate all fields, then it shouldn't matter if the form was your own or someone else's. Jim ----- Original Message ----- From: "Greg Wolfinger" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Friday, February 23, 2001 12:54 PM Subject: preventing hacked forms > Hey Guys: > > I was wondering what the best method is to confirm that the form variable that are submitted were from a page from the server and not some hacker downloading the source and changing stuff. I know you can use CGI.HTTP_REFERER, however this is not always passed by all browsers. Any Ideas. > > Thanx > > --=@ greg @=-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
