Re: [WebDNA] preventing hackers from posting their own (altered)

This WebDNA talk-list message is from 2009. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

  1. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Stuart Tremain 2009)
  2. Re: [WebDNA] preventing hackers from posting their own (altered) (Donovan Brooke 2009)
  3. Re: [WebDNA] preventing hackers from posting their own (altered) (Donovan Brooke 2009)
  4. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Toby Cox 2009)
  5. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Govinda 2009)
  6. Re: [WebDNA] preventing hackers from posting their own (altered) (Donovan Brooke 2009)
  7. Re: [WebDNA] preventing hackers from posting their own (altered) (Marc Thompson 2009)
  8. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Bob Minor 2009)
  9. Re: [WebDNA] preventing hackers from posting their own (altered) (Marc Thompson 2009)
  10. Re: [WebDNA] preventing hackers from posting their own (altered) (Donovan Brooke 2009)
  11. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Govinda 2009)
  12. [WebDNA] preventing hackers from posting their own (altered) version of my form? (Govinda 2009)
Govinda wrote:

> Thanks Gary,
>
> well I had just assumed that [referrer] would not get set to the actual
> referring URL when reaching the template with that tag in it because of
> this line from the docs:
> "...Note: this will not work if the previous page was a FORM
> METHOD="POST". "
> But after seeing your post here I tried it and it seems to work fine,
> even with method=post. (why do the docs say that?)
> Assuming [referrer] is reliable in this situation, then I can just check
> against the evaluated tag's value itself... (and not against an incoming
> hidden input).
> If I used a hidden input the way you suggest then what stops a user from
> creating a version of the form with a hidden input whose value is set to
> whatever he wants. (including what I would have stuffed in there with
> the [referrer] tag's value?)
>
> -G

I would suggest to encrypt a hidden value with a seed... then decrypt on the receiving end to do a match to a static or admin-controlled variable.

Referrer is not reliable in all situations because of proxies.

Donovan

--
Donovan D. Brooke
PH: 1 (608) 770-3822
------------------------------------------------
WebDNA Software Corporation
16192 Coastal Highway
Lewes, DE 19958
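Donovan's seeded hidden value, worked through as an added Python illustration (not WebDNA code and not from anyone in the thread): a keyed HMAC over a server-known form id and issue time stands in for the encrypt-with-seed step, and the receiving end recomputes it and matches the form id against the admin-controlled value. The seed, form id and timestamps are constructed for the example; a user who edits the hidden input cannot produce a matching MAC without the seed.

```python
import hashlib
import hmac

# Constructed example seed; a real deployment loads it from server-side
# config and never emits it into a template or hidden input.
SERVER_SEED = b"example-seed-not-for-production"

# The static / admin-controlled value the receiving end matches against.
EXPECTED_FORM_ID = "contact-form"


def make_form_token(form_id: str, issued_at: int, seed: bytes = SERVER_SEED) -> str:
    """Build the hidden input value: <form_id>|<issued_at>|<mac>.

    The MAC binds the form id and issue time to the server seed, so changing
    either field in a hand-made copy of the form invalidates the token.
    """
    msg = f"{form_id}|{issued_at}".encode()
    mac = hmac.new(seed, msg, hashlib.sha256).hexdigest()
    return f"{form_id}|{issued_at}|{mac}"


def verify_form_token(token: str, expected_form_id: str, now: int,
                      max_age: int = 3600, seed: bytes = SERVER_SEED) -> bool:
    """Receiving-end check: recompute the MAC, then match the form id and age."""
    try:
        form_id, issued_at_s, mac = token.split("|")
        issued_at = int(issued_at_s)
    except ValueError:
        return False  # malformed or missing hidden value
    expected_mac = hmac.new(seed, f"{form_id}|{issued_at}".encode(),
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected_mac):
        return False  # altered or forged without the seed
    if form_id != expected_form_id:
        return False  # valid token, but for a different form
    if not 0 <= now - issued_at <= max_age:
        return False  # stale token or clock skew
    return True


if __name__ == "__main__":
    issued = 1_000_000  # constructed clock value
    token = make_form_token(EXPECTED_FORM_ID, issued)
    print("genuine:", verify_form_token(token, EXPECTED_FORM_ID, now=issued + 60))
    altered = token.replace(EXPECTED_FORM_ID, "admin-form", 1)
    print("altered:", verify_form_token(altered, "admin-form", now=issued + 60))
```

The token proves the hidden value was issued by the server for this form within the time window; it does not by itself tie the submission to a particular visitor or session, which is a separate check.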
