My ajax chat client currently does not prevent a knowledgeable web developer from making an HTML form, anb posting to my MessageListener servlet with a correctly formatted message which will go to all users logged in. Something like this:
<form action="http://www.mydomainname.com/amq/?"; method="POST"> <input type="hidden" name="destination" value="topic://CHAT.MYTOPIC"> <input type="hidden" name="type" value="send"> <input type="hidden" name="message" value="<message type='chat' from='Webmaster'>Screw all ya all</message>"> <input type="submit" value="Do It"></form> Is there anyway to prevent this? At minimum, maybe a check in the servlet for referring url. -- View this message in context: http://www.nabble.com/Preventing-post-from-external-URLs-tf2374191.html#a6614621 Sent from the ActiveMQ - User mailing list archive at Nabble.com.
