I was wondering what the best method is to confirm that the
form variable that are submitted were from a page from the
server and not some hacker downloading the source and
changing stuff. I know you can use CGI.HTTP_REFERER, however
this is not always passed by all browsers. Any
Hey Guys:
I was wondering what the best method is to confirm that the form variable that are
submitted were from a page from the server and not some hacker downloading the source
and changing stuff. I know you can use CGI.HTTP_REFERER, however this is not always
passed by all browsers. Any
Validate all fields, then it shouldn't matter if the form was your own or
someone else's.
Jim
- Original Message -
From: "Greg Wolfinger" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, February 23, 2001 12:54 PM
Subject: preventing hacked fo
[mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 2:55 PM
To: CF-Talk
Subject: preventing hacked forms
Hey Guys:
I was wondering what the best method is to confirm that the form
variable that are submitted were from a page from the server and
not some hacker downloading the source
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, February 23, 2001 12:54 PM
Subject: preventing hacked forms
Hey Guys:
I was wondering what the best method is to confirm that the form variable
that are submitted were from a page from the server and not some hacker
downloading the source and c
I was wondering what the best method is to confirm that the
form variable that are submitted were from a page from the
server and not some hacker downloading the source and
changing stuff. I know you can use CGI.HTTP_REFERER, however
this is not always passed by all browsers. Any Ideas.
: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, February 23, 2001 12:54 PM
Subject: preventing hacked forms
Hey Guys:
I was wondering what the best method is to confirm that the form variable
that are submitted were from a page from the server and not some hacker
downloading the source and cha
-Original Message-
From: Cold Fusion [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 24 February 2001 8:25 AM
To: CF-Talk
Subject: Re: preventing hacked forms
The way I know of to do this comes from the Perl scripts provided by
CyberCash.
The idea is that you don't want to simply pass
If it's important enough you can pass a form variable with an encoded string that
uniquely identifies THIS form that you handed out. When the form is submitted you
validate that the encoded string is the same one you gave out, and you don't let them
be used twice.
At 02:54 PM 2/23/01 -0500,
9 matches
Mail list logo