Put the session ID in the form and then check to see if the session has expired.
Jaime Metcher

> -----Original Message-----
> From: Eric J. Hoffman [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 9 May 2007 12:44 PM
> To: CF-Talk
> Subject: defeating offline form posts
>
> Curious question here. If I think about this, if someone takes a form
> of ours for login, for example, and makes a local copy on their
> machine....and they set the post action to be the live server
> authenticate file....what is the best way to detect this and defeat it?
> No one has ever gained access this way as of yet, but we are studying
> possibilities, and this seems to me to be an attack vector.
>
> Any thoughts? A check to see if the referrer was the domain
> name/login file name? Or can that be spoofed as well then?
>
> Thanks~!
>
> --------------------------------------------------------
> Eric J. Hoffman
> Managing Partner
> 2081 Industrial Blvd
> Stillwater MN 55082
> mail: [EMAIL PROTECTED]
> www: http://www.ejhassociates.com
> tel: 651.717.4105
> fax: 651.717.4101
> mob: 651.245.2717
> Adobe Solutions Partner
> Microsoft Certified Partner
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277372
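
An added example, not part of the original thread, of the check suggested in the reply: the server embeds the session ID in the login form and refuses any post whose ID is missing, unknown or expired. Python stands in for the CFML application here; `SessionStore`, the `sid` field name, the `/authenticate` path and the 20-minute timeout are all assumptions.

```python
import html
import secrets

SESSION_TTL = 20 * 60  # seconds; assumed timeout, not taken from the thread


class SessionStore:
    """In-memory stand-in for the application server's session scope."""

    def __init__(self, ttl=SESSION_TTL):
        self.ttl = ttl
        self._expires = {}  # session ID -> absolute expiry time

    def create(self, now):
        sid = secrets.token_urlsafe(32)  # unguessable, generated server-side
        self._expires[sid] = now + self.ttl
        return sid

    def check(self, sid, now):
        """Return 'ok', 'missing', 'unknown' or 'expired' for a posted ID."""
        if not sid:
            return "missing"
        expiry = self._expires.get(sid)
        if expiry is None:
            return "unknown"
        if now >= expiry:
            del self._expires[sid]  # an expired session is dropped for good
            return "expired"
        return "ok"


def render_login_form(sid):
    """Login form with the session ID embedded as a hidden field."""
    return (
        '<form method="post" action="/authenticate">'
        f'<input type="hidden" name="sid" value="{html.escape(sid)}">'
        '<input name="user"><input type="password" name="pass">'
        "</form>"
    )


def handle_login_post(store, fields, now):
    """Refuse to look at credentials unless the embedded session is live."""
    verdict = store.check(fields.get("sid", ""), now)
    if verdict != "ok":
        return "rejected: " + verdict
    return "proceed to credential check"
```

A locally saved copy of the form is accepted only while the session it was rendered under is still live, so this check bounds how long a copy stays usable rather than telling a copy apart from the original page.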