I really like that idea. Do something that is unique, like,
<cfset session.timestamp = URLEncodedFormat(now())>
<input type="hidden" name="uid"
value="<cfoutput>#session.timestamp#</cfoutput>">
On the action page:
<cfif IsDefined("session.timestamp") and IsDefined("form.uid")>
<cfif session.timestamp eq form.uid>
form_processing_here
</cfif>
</cfif>
Perhaps you could do something in a cfelse clause that redirects them to
your home page (free traffic, for your site, not theirs), gives them a
"go away" message, interfaces with the FBI's NCIC database to place them
on the top ten most wanted list, etc.
--
Billy Cravens
HR Web Development, Sabre
[EMAIL PROTECTED]
Andrea Loubier wrote:
>
> in that case,
>
> how bout setting a session variable on the form page (which can't be seen
> using 'view source' on the form page) and then running a cfif on the post
> page to see if the session variable is equal to whatever you told it to be.
> if it is then proceed with the submit, if it isn't then spit out HTML code
> that says 'error, this request was not submitted by the right page'.
> again, the cfif code can't be seen when they view source so they shouldn't
> be able to know what you're checking for.
>
> or some combination of that, HTTP referer and the java suggestion.
>
> >HTTP_REFERER can be easily spoofed. It is only a precaution - I'll bet that
> >when you do that, even when you contact the other sites, they may *still*
> >use your search afterwards.
> >
> >
> >David L. Penton, MCP
> >Consultant
> >"Mathematics is music for the mind, and Music is Mathematics for the
> >Soul. - J.S. Bach"
> >[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
> Andrea Loubier
> [EMAIL PROTECTED]
>
> Gothica Creative
> Digital Media Specialists
> 1801 Laws Street
> Dallas, Texas 75202
> 214.720.0884 voice
> 214.303.0698 fax
>
> -------------------------------------------------------------------------
> This email server is running an evaluation copy of the MailShield anti-
> spam software. Please contact your email administrator if you have any
> questions about this message. MailShield product info: www.mailshield.com
>
> -----------------------------------------------
> To post, send email to [EMAIL PROTECTED]
> To subscribe / unsubscribe: http://www.dfwcfug.org
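The session-variable check discussed in this thread, written out for both pages as an added example that is not part of the original messages. It swaps the timestamp for a random value from GenerateSecretKey(), makes the value single-use, and handles a post that arrives without the field. The key name formToken, the field q and the two file names are assumptions, and session management is assumed to be enabled in the application.

```cfml
<!--- form.cfm (hypothetical file name): issue a fresh random token each time the form is rendered --->
<cflock scope="session" type="exclusive" timeout="5">
    <cfset session.formToken = GenerateSecretKey("AES")>
    <cfset variables.token = session.formToken>
</cflock>
<cfoutput>
<form method="post" action="action.cfm">
    <!--- the token is base64, so escape it for the HTML attribute --->
    <input type="hidden" name="uid" value="#HTMLEditFormat(variables.token)#">
    <input type="text" name="q">
    <input type="submit" value="Search">
</form>
</cfoutput>

<!--- action.cfm (hypothetical file name): accept only a post that carries this session's token --->
<cfset variables.ok = false>
<cflock scope="session" type="exclusive" timeout="5">
    <!--- Compare() is case-sensitive, unlike eq, which matters for base64 values --->
    <cfif StructKeyExists(session, "formToken")
          and StructKeyExists(form, "uid")
          and Compare(session.formToken, form.uid) eq 0>
        <cfset variables.ok = true>
    </cfif>
    <!--- single use: whatever the outcome, the next post needs a newly rendered form --->
    <cfset StructDelete(session, "formToken")>
</cflock>

<cfif variables.ok>
    <!--- form processing goes here --->
<cfelse>
    <!--- the cfelse branch suggested above: send the request to the home page --->
    <cflocation url="/" addtoken="no">
</cfif>
```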