Hi,
you could use an additional parameter containing a checksum of the entire URL, that
you check at the
beginning. Of course, somebody with the right motivation could find out your checksum
scheme (I would
use a subset of the md5 function), but at least it won't be simple anymore.
You could also use a Session ID that you generate somewhere on your site (usually the
start page). You
pass that along to the form and check it for validity. PHP 4 supports sessions.
Hope this helps.
Greetings,
Michael.
> Since nobody answered my last question (or any of them for that matter). Let
> me rephrase it a little
> different.
>
> Other then checking the referer (to make sure the posted data came from the
> right page)
> and user agent (to see if it exists), is there any other way to secure a
> form from having other
> forms submitting to it?
>
> -dave
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
