RE: preventing hacked forms

I was wondering what the best method is to confirm that the form variable that are submitted were from a page from the server and not some hacker downloading the source and changing stuff. I know you can use CGI.HTTP_REFERER, however this is not always passed by all browsers. Any

preventing hacked forms

Hey Guys: I was wondering what the best method is to confirm that the form variable that are submitted were from a page from the server and not some hacker downloading the source and changing stuff. I know you can use CGI.HTTP_REFERER, however this is not always passed by all browsers. Any

Re: preventing hacked forms

Validate all fields, then it shouldn't matter if the form was your own or someone else's. Jim - Original Message - From: "Greg Wolfinger" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Friday, February 23, 2001 12:54 PM Subject: preventing hacked fo

RE: preventing hacked forms

[mailto:[EMAIL PROTECTED]] Sent: Friday, February 23, 2001 2:55 PM To: CF-Talk Subject: preventing hacked forms Hey Guys: I was wondering what the best method is to confirm that the form variable that are submitted were from a page from the server and not some hacker downloading the source

Re: [Re: preventing hacked forms]

To: "CF-Talk" [EMAIL PROTECTED] Sent: Friday, February 23, 2001 12:54 PM Subject: preventing hacked forms Hey Guys: I was wondering what the best method is to confirm that the form variable that are submitted were from a page from the server and not some hacker downloading the source and c

RE: preventing hacked forms

I was wondering what the best method is to confirm that the form variable that are submitted were from a page from the server and not some hacker downloading the source and changing stuff. I know you can use CGI.HTTP_REFERER, however this is not always passed by all browsers. Any Ideas.

Re: preventing hacked forms

: "CF-Talk" [EMAIL PROTECTED] Sent: Friday, February 23, 2001 12:54 PM Subject: preventing hacked forms Hey Guys: I was wondering what the best method is to confirm that the form variable that are submitted were from a page from the server and not some hacker downloading the source and cha

RE: preventing hacked forms

-Original Message- From: Cold Fusion [mailto:[EMAIL PROTECTED]] Sent: Saturday, 24 February 2001 8:25 AM To: CF-Talk Subject: Re: preventing hacked forms The way I know of to do this comes from the Perl scripts provided by CyberCash. The idea is that you don't want to simply pass

Re: preventing hacked forms

If it's important enough you can pass a form variable with an encoded string that uniquely identifies THIS form that you handed out. When the form is submitted you validate that the encoded string is the same one you gave out, and you don't let them be used twice. At 02:54 PM 2/23/01 -0500,