Not really,
because the script filename is deleted and changed all the time, it doesn't
matter if they paste the name into the form, since the file will no longer
exist.
> From: "Chris" <[EMAIL PROTECTED]>
>
> > Would it not be possible to have both the form page and the script page
> that
> > handles the form be generated o the fly with random filenames?
> >
> > The form page would point to the random generated script page, and the
> > script page could delete itself after it is proccessed. You would also
> want
> > a cron to delete any files in case they never bothered to submit the
form.
> >
> > Can anyone see a problem with this?
> >
> >
>
>
>
> That is not going to solve the problem, because a cracker can just copy
and
> paste the random filename of the script page into their form page.
>
> Bogus form data is a problem for everyone working with html forms. You're
> trying to find an esoteric solution to the problem, while overlooking the
> obvious: just check if the data is valid.
>
>
> Regards
>
> Simon Garner
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
