At 15:10 10/12/00 -0500, you wrote:
>http_referer is a good measure....I would also strongly urge you to never put prices 
>and the like in a (hidden) form field, all those should be generated from a database; 
>also look into the cf_scriptkill custom tag or the like to prevent embedded scripts 
>from being run in your form fields.

But keep in mind that http_referer is sent from the *browser*; you
are trusting that string. A determined hacker can easily forge
the http_referer value.

I've also had a few rare cases of IE not sending the http_referer
unless the user clicked on a form button...

RPS
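
An added illustration of the two points above (not code from the list or
either poster, and in Python rather than ColdFusion): the handler ignores any
client-sent price and looks it up server-side, and treats Referer as a hint
only. The catalog, form and header values are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the product table a real handler would query.
CATALOG = {"SKU-100": 1999, "SKU-200": 4500}  # unit prices in cents


@dataclass
class Order:
    sku: str
    qty: int
    total_cents: int
    referer_hint: Optional[str]


class InvalidOrder(ValueError):
    pass


def process_order(form: dict, headers: dict) -> Order:
    """Build an Order from an untrusted form POST.

    Any 'price' field the client submits is ignored: the unit price comes
    from the server-side catalog. Referer is kept for logging only, never
    as an authorization check, because the browser supplies it.
    """
    sku = form.get("sku", "")
    if sku not in CATALOG:
        raise InvalidOrder("unknown sku")
    try:
        qty = int(form.get("qty", "0"))
    except ValueError:
        raise InvalidOrder("qty is not an integer")
    if not 1 <= qty <= 100:
        raise InvalidOrder("qty out of range")
    # Header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    referer = lowered.get("referer")  # client-controlled, informational only
    return Order(sku=sku, qty=qty, total_cents=CATALOG[sku] * qty,
                 referer_hint=referer)


# Constructed request: a tampered hidden 'price' field plus a Referer header.
TAMPERED_FORM = {"sku": "SKU-200", "qty": "2", "price": "1"}
HEADERS = {"Referer": "https://shop.example/order.cfm"}

if __name__ == "__main__":
    print(process_order(TAMPERED_FORM, HEADERS))
```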

------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/