I want to protect action pages from unauthorized forms that are not on the
same server, namely spammers. I wrote this simple script that will work in
conjunction with my other form validation scripts to ensure a referrer comes
from the same CGI.HTTP_HOST.
<cftry>
<cfscript>
message = "";
errors = 0;
if ( NOT FindNoCase(CGI.HTTP_HOST,CGI.HTTP_REFERER) ) {
message = "You cannot access this page";
errors = 1;
}
</cfscript>
<cfif errors EQ 1 >
<cfthrow message="#message#" type="goBack">
</cfif>
<cfcatch type="Any">
<cfoutput>
<h3>#message#</h3>
</cfoutput>
</cfcatch>
</cftry>
Does anyone see any holes that I should address, or is there a better
solution?
Thank you,
Aftershock Web Design, Inc.
by: Stan Winchester
President/Developer
[EMAIL PROTECTED]
http://www.aftershockweb.com/
Tel. 503-244-3440
Fax 503-244-3454
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
- RE: Protect action pages Stan Winchester
- RE: Protect action pages Mosh Teitelbaum
- Re: Protect action pages brobborb
- RE: Protect action pages Kwang Suh
- Re: Protect action pages Jim McAtee
- Re: Protect action pages Nick Han
- RE: Protect action pages Dave Watts
- Re: Protect action pages Stan Winchester
- Re: Protect action pages Steve Nelson
- Re: Protect action pages Dick Applebaum