Well, it has been quite some time since I have done any serious web development (and the platform back then was netscapes enterprise server on solaris 2.52), but...
Pull the referrer from the web server environment, not javascript or anything else client side, in fact, if you are that paranoid it might have been faked (and I have clients that I swear wear foil headgear ;-) ) then you could check, set and check for a session cookie, etc.. alot of ways to track that when you control the web server in question and deny anything fishy. Nothing is 100% but you can make it difficult enough or unlikely enough that they will go look for easier targets... Our experience was that simply checking the webserver env URI referrer variable was often good enough in this scenario. Jim On Thu, 08 Sep 2005 20:47:47 -0400, David F. Skoll wrote > Referrer can be faked. You can't trust any data supplied by the client. > > Also, people who use privoxy or the like to suppress the referrer field > would get quite annoyed. > > > would force the spammer to hit a valid URI to get the link to the webform > > :-) Ah, the perils of trusting the client. > > Regards, > > David. -- EsisNet.com Webmail Client _______________________________________________ Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang