Have a look at the CGI variables,
in particular CGI.HTTP_REFERER.
This is the page before the current one - it should have your server details
in there, otherwise discard.


On 5/9/07, Eric J. Hoffman <[EMAIL PROTECTED]> wrote:
>
> Curious question here.   If I think about this, if someone takes a form
> of ours for login, for example, and makes a local copy on their
> machine....and they set the post action to be the live server
> authenticate file....what is the best way to detect this and defeat it?
> No one has ever gained access this way as of yet, but we are studying
> possibilities, and this seems to me to be an attack vector.
>
>
>
> Any thoughts?    A check to see if the referrer was the domain
> name/login file name?   Or can that be spoofed as well then?
>
>
>
> Thanks~!
>
> --------------------------------------------------------
>
>
> Eric J. Hoffman
> Managing Partner
> 2081 Industrial Blvd
> Stillwater MN 55082
> mail: [EMAIL PROTECTED]
> www: http://www.ejhassociates.com
> tel: 651.717.4105
> fax: 651.717.4101
> mob: 651.245.2717
> Adobe Solutions Partner
> Microsoft Certified Partner
>
> --------------------------------------------------------
> 
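
One way to write the referrer check suggested in the reply, as an added example in CFML (not code from either poster). The host names in allowedHosts are placeholders and refererHost is a helper name made up for this example. The Referer header is set by the client, so this filters out a browser posting a locally saved copy of the form, but a request built by hand can carry any Referer value.

```cfml
<!--- Added example: place at the top of the login handler (the form's post action). --->
<!--- Assumption: allowedHosts lists the host names your login form is served from. --->
<cfset allowedHosts = "www.example.com,example.com">

<cffunction name="refererHost" returntype="string" output="false"
            hint="Host part of a Referer URL, or an empty string if absent or malformed.">
    <cfargument name="referer" type="string" required="true">
    <cfset var u = "">
    <cfif NOT Len(Trim(arguments.referer))>
        <cfreturn "">
    </cfif>
    <cftry>
        <!--- Parse the URL instead of substring matching, so values such as
              "http://example.com.other.test/" or "http://other.test/?x=example.com"
              do not pass as one of our hosts. --->
        <cfset u = CreateObject("java", "java.net.URL").init(Trim(arguments.referer))>
        <cfif NOT ListFindNoCase("http,https", u.getProtocol())>
            <cfreturn "">
        </cfif>
        <cfreturn LCase(u.getHost())>
        <cfcatch type="any">
            <!--- Malformed Referer: treat it the same as a missing one. --->
            <cfreturn "">
        </cfcatch>
    </cftry>
</cffunction>

<cfif CGI.REQUEST_METHOD NEQ "POST"
      OR NOT ListFindNoCase(allowedHosts, refererHost(CGI.HTTP_REFERER))>
    <!--- Discard: the post did not come from a page on one of our hosts.
          An empty host never matches, so a missing Referer is rejected too. --->
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- The normal credential check continues here. --->
```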

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277371