> I was wondering what the best method is to confirm that the
> form variable that are submitted were from a page from the
> server and not some hacker downloading the source and
> changing stuff. I know you can use CGI.HTTP_REFERER, however
> this is not always passed by all browsers. Any Ideas.
What you want to do is impossible within the limitations of the HTTP
protocol. Any data from the browser is subject to tampering by the user of
that browser.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
