Curious question here. If I think about this, if someone takes a form of ours for login, for example, and makes a local copy on their machine....and they set the post action to be the live server authenticate file....what is the best way to detect this and defeat it? Noone has ever gained access this way as of yet, but we are studying possibilities, and this seems to me to be an attack vector.
Any thoughts? A check to see if the referrer was the domain name/login file name? Or can that be spoofed as well then? Thanks~! -------------------------------------------------------- Eric J. Hoffman Managing Partner 2081 Industrial Blvd StillwaterMN55082 mail: [EMAIL PROTECTED] www: http://www.ejhassociates.com tel: 651.717.4105 fax: 651.717.4101 mob: 651.245.2717 Adobe Solutions Partner Microsoft Certified Partner -------------------------------------------------------- This message contains confidential information and is intended only for [EMAIL PROTECTED] If you are not cf-talk@houseoffusion.com you should not disseminate, distribute or copy this e-mail. Please notify [EMAIL PROTECTED] immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Eric J. Hoffman therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277370 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
