I have a asp web site, and a register form, a process.asp to insert the
If someone, create a form in his localhost webserver,
and the form action is my process.asp, how can I prevent that request ?
Re: Website security
"Jay" <email@example.com> writes:
> I have a asp web site, and a register form, a process.asp to insert the
> registration row.
> If someone, create a form in his localhost webserver,
> and the form action is my process.asp, how can I prevent that
> request ?
The usual--validate the hell every stinking variable that form takes
to come up with your definition of what a valid request is, and what
valid input for each of your fields is.
If the person cares enough to send all valid data and spoofs
http_referrer to match and all that, there isn't much reason to worry
since the form they've recreated is sufficiently identical to your own
If you're doing server side validation sufficiently, you won't any
longer care if it's your copy of the form the POST came from or
someone's local copy. Even on your copy of the form, an attacker with
a software web proxy or firefox plugin can add form fields, override
bullet to determine "someone copied my form" you'd still not cut down
your space of worry.
|All times are GMT. The time now is 10:45 PM.|
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.