Hi Amanda,

This website's just using forms for fairly simple stuff like user comments, questions and the like. It's just been a major pain in the rear dealing with Norton Firewall situation on this, and I don't know enough programming to come up with my alternate. I think I may just work around this refers thing and deal with a little spam if it means I can keep going forward.
I'll definitely file your suggestion for when I need to go a step up.

Thanks,
Ali

----- Original Message -----
From: "Amanda Birmingham" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2003 11:56 AM
Subject: [wdvltalk] RE: Is there a form out there that doesn't use refers for security?

> Hi, Ali,
> I don't know what your form is for, so I don't know how much trouble you
> want to go to. However, I have seen a lot of sites these days (like
> GoDaddy) using an image containing numbers on their forms. The user then
> has to type in the numbers into a textbox. Since automated tools can't
> tell what numbers are in the image, they always fail the validation, and
> since humans can easily just see the numbers, the burden on real users is
> minimal.
>
> Of course, the burden on *you* is high: you have to regenerate the image
> every time the page is called (or else spammers could just go in person
> once and get the correct code), which means server side code to create
> images on the fly. You also have to put in server-side validation that
> keeps track of which image was served and validates the returned form value
> to make sure they match.
>
> If you're *really* worried about security, I think this is a good way to
> go. However, I'd be interested to hear about any more lightweight
> approaches you find!
>
> Amanda Birmingham
> Web Application Developer
>
>
> ____ . The WDVL Discussion List from WDVL.COM . ____
> To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED]
> Send Your Posts To: [EMAIL PROTECTED]
> To change subscription settings to the wdvltalk digest version:
> http://wdvl.internet.com/WDVL/Forum/#sub
>
> ________________ http://www.wdvl.com _______________________
>
> You are currently subscribed to wdvltalk as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to %%email.unsub%%
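
Added example, not part of the original thread or any poster's code: a sketch of the server-side bookkeeping the quoted message describes, where a fresh code is issued on every page view and the server remembers which code it served so the submitted value can be checked and never reused. The class name `ChallengeStore`, the 6-digit code and the 300-second lifetime are assumptions for illustration, and drawing the code into an image is left out.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 300  # seconds a served challenge stays valid (assumed value)


class ChallengeStore:
    """Server-side record of which code was served for which form render."""

    def __init__(self, ttl=CHALLENGE_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # challenge_id -> (expected_code, expiry)

    def issue(self):
        """Create a fresh challenge for one page view.

        Returns (challenge_id, code). The id goes in a hidden form field;
        the code is only ever drawn into the image, never put in the HTML.
        """
        challenge_id = secrets.token_urlsafe(16)
        code = "".join(secrets.choice("0123456789") for _ in range(6))
        self._pending[challenge_id] = (code, self._clock() + self._ttl)
        return challenge_id, code

    def verify(self, challenge_id, answer):
        """Check a submitted answer; each challenge can be used only once."""
        # pop() removes the entry whether or not the answer is right, so a
        # code read once by a person cannot be replayed by a script, and a
        # wrong guess cannot be retried against the same image.
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False  # unknown id, or already used
        code, expiry = entry
        if self._clock() > expiry:
            return False  # served too long ago
        # Constant-time comparison of the expected and submitted codes.
        return hmac.compare_digest(code.encode(), answer.strip().encode())
```

A long-running server would also need to purge expired entries from `_pending` so abandoned page views do not accumulate.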
