J
Just1Coder
How can I prevent posting of a form from any other site but the site the
form lives on?
form lives on?
Yeah... that's what I was thinking...James said:Might want to look into:
Request.ServerVariables("HTTP_REFERER")
David said:No, you cannot rely on the referrer any more as some anti-virus/firewall
software stops the browser from sending that information.
You would check to see that the
Request.ServerVariables("HTTP_REFERER") =
"http://www.YourDomain.com/YourFormPage.asp"
You need to set some random value in the form and then check it's there and
valid when you process it. You could do it with a database and the visitors
IP address but it's a bit like overkill.
Regards
David
Just1Coder said:How can I prevent posting of a form from any other site but the site the
form lives on?
Just1Coder said:How can I prevent posting of a form from any other site but the site
the form lives on?
Yes, I know but there are several ways around it, but I have been asked to.Dave said:Why bother?
It sounds like you are attempting to put some of your security on the client
side. This is trivial to defeat. Heck - with the FireFox LiveHTTPHeaders
extension, I can change anything at all in a request and re-send. Anything.
Just1Coder said:Ah, I see.
So a random number or GUID or something like that should work OK?
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.