You could always check the referer URL or put in some IP restictions (although this doesn't prevent IP spoofing for more serious hackers)
I normally check the referer on the action page combined with setting a session variable on the form page and then check for its existance on the action page before doing the insert. But I'm no expert, I'd be really interested to hear what the more security minded members of the list have to contribute Hth Mark -----Original Message----- From: Stephen Adams [mailto:[EMAIL PROTECTED] Sent: 07 September 2004 16:33 To: 'Dev Subject: [ cf-dev ] Tips on securing a form. Hi, I have a simple form, which mainly uses drop down list, but there are a couple of textareas and textfields. Can anyone tell me where I can find tutorial/tips on how to programmatically secure this form. At the moment my for submits straight to an INSERT query, I just want to make sure no one can attack the site through this form. -- These lists are syncronised with the CFDeveloper forum at http://forum.cfdeveloper.co.uk/ Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ CFDeveloper Sponsors and contributors:- *Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF provided by activepdf.com* *Forums provided by fusetalk.com* :: *ProWorkFlow provided by proworkflow.com* *Tutorials provided by helmguru.com* :: *Lists hosted by gradwell.com* To unsubscribe, e-mail: [EMAIL PROTECTED]
