form security

middletree

I'm doing a simple email form, with just three fields, one each for name,
email, and the message body of the email. It goes straight to CDO, and takes
the user to a thank you page.

What kind of damage can I expect to need to protect myself from? I mean, if
there were a database involved, I'd need to protect against SQL injection,
things like that. But in this case, there's no database. I plan to put a
maxlength on the fields, but is there anything else I should beware of, and
if so, what can be done about it?
 
Aaron Bertrand [MVP]

Well, for one, you might want to protect yourself from being accused of being a
spammer. Is it easy for me to type in anyone's e-mail address?

If you explain the purpose of the form, you might get better answers.
 
middletree

Since I don't have the pages on the web yet, I can't show you the finished
product. But if you go to my web site at www.middletree.net, you'll see by
clicking the left links that there are several articles--short bible
studies, really--and I am simply adding a form at the bottom of those pages,
with two text boxes for name and email address, and a textarea for the
message that people would put in some message in paragraph form.

I did this a couple of years ago when I was using FrontPage, but couldn't do
it in ASP because my host was on Unix. Now, I'm on a Windows host, so I can
go back to using the forms.

Yes, I guess anyone can put any email address in there, but often, they will
want me to reply. I guess that I could remove that field and ask people to
put their email addy in the textarea, but I'm not sure that would keep me
from potential spammers.
 
Aaron Bertrand [MVP]

Oh, see? It wasn't clear to me that the e-mail address they enter was NOT
the one you were planning on sending to, using CDO.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
 
middletree

Right. I can see where that would be a dumb thing to build into a web page.

Now, back to the OP: (and yes, I looked at aspfaq.com before posting this).
Is there anything I should put in there to catch potentially bad stuff,
since there is no database involved?
 
