What if the HTTP POST didn't get as far as ColdFusion? We have an ongoing case 
where the web server throws a 500 error, and we don't know why the page doesn't 
get to CF.

thx
Chris

>---------- Original Message ----------------------------------
>From: "Ken Wexel" <[EMAIL PROTECTED]>
>Reply-To: cf-talk@houseoffusion.com
>Date:  Tue, 8 May 2007 23:26:01 -0400
>
>>When I ran into this problem previously, I'd set a value into the user
>>session and set the same value as a hidden form field.  On post, if
>>the two didn't match, I knew the posting was invalid.  Can be
>>something as simple as a long numeric value.
>>
>>On 5/8/07, Eric J. Hoffman <[EMAIL PROTECTED]> wrote:
>>> That's where I started....but the thing is, I think they can spoof that
>>> variable?  Or not?
....
>>> -----Original Message-----
>>>
>>> From: AJ Mercer [mailto:[EMAIL PROTECTED]
>>> Sent: Tuesday, May 08, 2007 9:53 PM
>>> To: CF-Talk
>>> Subject: Re: defeating offline form posts
>>>
>>> Have a look at the CGI variables
>>> in particular CGI.HTTP_REFERER
>>> This is the page before the current one - it should have your server
>>> details
>>> in there, otherwise discard.
>>>
>>>
>>> On 5/9/07, Eric J. Hoffman <[EMAIL PROTECTED]> wrote:
>>> >
>>> > Curious question here.   If I think about this, if someone takes a
>>> form
>>> > of ours for login, for example, and makes a local copy on their
>>> > machine....and they set the post action to be the live server
>>> > authenticate file....what is the best way to detect this and defeat
>>> it?
....
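
The session-value check Ken Wexel describes in the quoted reply, written out as an added example (not code from any poster in this thread). The key name `formToken` and the file names `login.cfm` and `authenticate.cfm` are assumptions, and session management is assumed to be enabled for the application.

```cfml
<!--- login.cfm (hypothetical file name): render the form with a per-render token. --->
<cflock scope="session" type="exclusive" timeout="5">
    <!--- Unguessable value stored server-side; formToken is an assumed key name. --->
    <cfset session.formToken = Hash(CreateUUID() & Rand("SHA1PRNG") & GetTickCount(), "SHA-256")>
    <cfset variables.token = session.formToken>
</cflock>
<cfoutput>
<form action="authenticate.cfm" method="post">
    <!--- Same value travels with the form as a hidden field. --->
    <input type="hidden" name="formToken" value="#variables.token#">
    <input type="text" name="username">
    <input type="password" name="password">
    <input type="submit" value="Log in">
</form>
</cfoutput>

<!--- authenticate.cfm (hypothetical file name): compare the two values before anything else. --->
<cfset variables.expected = "">
<cflock scope="session" type="exclusive" timeout="5">
    <cfif StructKeyExists(session, "formToken")>
        <cfset variables.expected = session.formToken>
        <!--- Single use: the stored value is cleared so a post cannot be replayed. --->
        <cfset StructDelete(session, "formToken")>
    </cfif>
</cflock>
<!--- Reject when the session has no token, the field is missing, or they differ. --->
<cfif Len(variables.expected) EQ 0
      OR NOT StructKeyExists(form, "formToken")
      OR Compare(variables.expected, form.formToken) NEQ 0>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>
<!--- Values matched: continue with the normal credential checks. --->
```

The check ties a post to a session that was actually served the form. The credentials and every other field still need full server-side validation.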

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277396