It can be automated on your form just as easily as any copy of it. If repeated attempts is your worry, just limit access from a single IP to 1 submission every 1 minute or so.
-----Original Message----- From: Eric J. Hoffman [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 09, 2007 12:14 PM To: CF-Talk Subject: RE: defeating offline form posts Well, an automated process where they create spam accounts into the system? We could use CAPTCHA maybe, but a lot of users hate that. I was wondering if there was a good practice to additionally nail them in advance of captcha use, but maybe not...? -------------------------------------------------------- Eric J. Hoffman Managing Partner 2081 Industrial Blvd StillwaterMN55082 mail: [EMAIL PROTECTED] www: http://www.ejhassociates.com tel: 651.717.4105 fax: 651.717.4101 mob: 651.245.2717 Adobe Solutions Partner Microsoft Certified Partner -------------------------------------------------------- This message contains confidential information and is intended only for [EMAIL PROTECTED] If you are not cf-talk@houseoffusion.com you should not disseminate, distribute or copy this e-mail. Please notify [EMAIL PROTECTED] immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Eric J. Hoffman therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -------------------------------------------------------- -----Original Message----- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 09, 2007 5:05 AM To: CF-Talk Subject: Re: defeating offline form posts Eric J. Hoffman wrote: > Curious question here. If I think about this, if someone takes a form > of ours for login, for example, and makes a local copy on their > machine....and they set the post action to be the live server > authenticate file....what is the best way to detect this and defeat it? Why do you care? Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create Web Applications With ColdFusion MX7 & Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277493 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
