Hi Ali,

Could you please post your code (the referer section)? We don't do it and I'm quite curious what it looks like. I'm not sure how spammers can hijack a form. If they use automated processes you can ask for fields in a form to be validated before it gets submitted (i.e., check that emails are well formed, if there are text fields they should only be a certain length, all required fields filled in, etc.); that should curtail their process. Also make it so that once the form is submitted by an individual it can't be submitted again. Is the form emailed to you or is it submitted to a db? If your email is there they can pick it up and use it for spam.
:)
Sonja

-----Original Message-----
From: Alida Saxon [mailto:[EMAIL PROTECTED]
Sent: 05 June 2003 04:01 PM
To: [EMAIL PROTECTED]
Subject: [wdvltalk] RE: Is there a form out there that doesn't use refers for security?

Hi Sonja, thanks for replying.

I'm really not sure what to do with this. Cookies are possible but it's, as you mentioned, still something the visitor controls... which is where the problems are coming from to begin with. I'd like to avoid logins, especially since I've never set one up before and it's becoming something of a rush. I wish I was more of a programmer.

What I'd like to do is chop out the whole referring "security" bit of code, but then I'm told it opens the form up to spamming and such. As I vaguely understand it, the referrer feature makes sure that the forms passing through are from your allowed domains, and not somewhere else. At this point, I almost don't care if I get spammed, so long as I don't have to look at this problem any longer. ;)

There must be some sort of form that doesn't use referrers as the means of making sure the form wasn't being hijacked.

Ali

----- Original Message -----
From: "Van Der Westhuizen, Sonja" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2003 9:04 AM
Subject: [wdvltalk] RE: Is there a form out there that doesn't use refers for security?

> Hi Ali,
>
> If the form needs to be secure why don't you hide it behind a login session?
> If you want you can set a cookie to keep users logged in, if there's not
> too sensitive information. Downside is that users might browse with cookies
> off. I don't know if I'm misunderstanding.
>
> :)
> Sonja
>
> Hi All,
>
> I'm just going crazy trying to find some solution to the situation with
> forms giving "unauthorized domain" errors to Norton Personal Firewall users.
> Any form I found uses referrers as a means of security to keep out spammers.
> But Norton's PF hides the users so well, so they get lumped in with hackers.
>
> Telling the user to turn off their firewall doesn't fly, and having them go
> through the process of changing their settings isn't much better, because
> who wants to deal with a site that makes you do more work than necessary?
> Not many.
>
> Is there a form out there that doesn't count on user settings for its
> security? I've been googling all last night and early this morning, and it's
> driving me nuts. There's got to be a good way to make a secure form that
> isn't going to be butting heads with firewalls. I could comment out the
> section that checks the referrers, but that defeats what little security the
> form has. Help!
>
> Ali
>

____ * The WDVL Discussion List from WDVL.COM * ____
To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED]
Send Your Posts To: [EMAIL PROTECTED]
To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub
________________ http://www.wdvl.com _______________________
You are currently subscribed to wdvltalk as: [EMAIL PROTECTED]
To unsubscribe send a blank email to %%email.unsub%%
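The checks suggested in this thread (well-formed email, length limits, required fields, one submission per form) can be done on the server without reading the Referer header at all, so a firewall that strips the header no longer matters. The sketch below is an added example, not code from any poster; it goes one step further by tying the one-submission rule to a signed hidden-field token, and the field names, limits and in-memory store are assumptions.

```python
import hashlib, hmac, re, secrets, time

SECRET = secrets.token_bytes(32)   # server-side key, never sent to the browser
MAX_AGE = 3600                     # seconds a rendered form stays valid (assumed)
LIMITS = {"name": 80, "email": 254, "message": 2000}  # hypothetical fields and caps
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")    # no whitespace, so no CR/LF
_used = set()                      # nonces already accepted (a DB table in practice)

def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(now=None) -> str:
    """Value for a hidden 'token' field, created when the form page is rendered."""
    issued = int(time.time() if now is None else now)
    payload = f"{secrets.token_hex(16)}.{issued}"
    return f"{payload}.{_sign(payload)}"

def check_submission(fields: dict, now=None) -> list:
    """Return a list of problems; an empty list means the submission is accepted."""
    now = time.time() if now is None else now
    nonce, _, rest = fields.get("token", "").partition(".")
    issued, _, sig = rest.partition(".")
    expected = _sign(f"{nonce}.{issued}")
    # Compare as bytes: compare_digest rejects non-ASCII str input.
    if not (issued.isdigit() and hmac.compare_digest(sig.encode(), expected.encode())):
        return ["token missing or not issued by this server"]
    if now - int(issued) > MAX_AGE:
        return ["token expired"]
    if nonce in _used:
        return ["form already submitted"]
    errors = []
    for name, limit in LIMITS.items():
        value = fields.get(name, "").strip()
        if not value:
            errors.append(f"{name} is required")
        elif len(value) > limit:
            errors.append(f"{name} is longer than {limit} characters")
        elif name == "email" and not EMAIL_RE.fullmatch(value):
            errors.append("email is not well formed")
    if not errors:
        _used.add(nonce)           # burn the token only once a submission is accepted
    return errors
```

The recipient address stays in server configuration rather than in a form field, which also addresses the concern about the email address being harvested from the page.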
