Hi Sonja, thanks for replying. I'm really not sure what to do with this. Cookies are possible but it's, as you mentioned, still something the visitor controls... which is where the problems are coming from to begin with. I'd like to avoid logins, especially since I've never set one up before and it's becoming something of a rush. I wish I was more of a programmer.
What I'd like to do is chop out the whole referring "security" bit of code, but then I'm told it opens the form up to spamming and such. As I vaguely understand it, the refer feature makes sure that the form passing through are from your allowed domains, and not somewhere else. At this point, I almost don't care if I get spammed, so long as I don't have to look at this problem any longer. ;) There must be some some sort of form that doesn't use referrs as the means of making sure the form wasn't being hijacked. Ali ----- Original Message ----- From: "Van Der Westhuizen, Sonja" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 05, 2003 9:04 AM Subject: [wdvltalk] RE: Is there a form out there that doesn't use refers for security? > Hi Ali, > > If the form needs to be secure why don't you hide it behind a login session? > If you want you can set a cookie to keep users logged in, if there's not > tooo sensitive information. Downside is that users might browse with cookies > off. I don't know if Im misanderstanding. > > :) > Sonja > > Hi All, > > I'm just going crazy trying to find some solution to the situation with > forms giving "unauthorized domain" errors to Norton Personal Firewall users. > Any form I found uses refers as a means of security to keep out spammers. > But Norton's PF hides the users so well, so they get lumped in with hackers. > > Telling the user to turn off their firewall doesn't fly, and having them go > through the process of changing their settings isn't much better, because > who wants to deal with a site that makes you do more work than necessary? > Not many. > > Is there a form out there that doesn't count on user settings for it's > security? I've been googling all last night and early this morning, and it's > driving me nuts. There's got to be a good way to make a secure form that > isn't going to be butting heads with firewalls. I could comment out the > section that checks the reffers, but that defeats what little security the > form has. Help! > > Ali > ____ • The WDVL Discussion List from WDVL.COM • ____ To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] Send Your Posts To: [EMAIL PROTECTED] To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub ________________ http://www.wdvl.com _______________________ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]
