Website security

Discussion in 'Computer Security' started by Jay, Jun 21, 2006.

  1. Jay

    Jay Guest

    I have an ASP web site, and a register form, and a process.asp to insert the
    registration row.
    If someone creates a form on his localhost webserver,
    and the form action is my process.asp, how can I prevent that request?

    Thank you
     
    Jay, Jun 21, 2006
    #1

  2. Jay

    Todd H. Guest

    "Jay" <> writes:

    > I have an ASP web site, and a register form, and a process.asp to insert the
    > registration row.
    > If someone creates a form on his localhost webserver,
    > and the form action is my process.asp, how can I prevent that
    > request?


    The usual--validate the hell out of every stinking variable that form takes
    in, and do so ON THE SERVER. Not in JavaScript. To do this, you have
    to come up with your definition of what a valid request is, and what
    valid input for each of your fields is.

    If the person cares enough to send all valid data and spoofs
    http_referrer to match and all that, there isn't much reason to worry
    since the form they've recreated is sufficiently identical to your own
    form.

    If you're doing server side validation sufficiently, you won't any
    longer care if it's your copy of the form the POST came from or
    someone's local copy. Even on your copy of the form, an attacker with
    a software web proxy or Firefox plugin can add form fields, override
    field lengths, get around JavaScript, etc., so even if you had a magical
    bullet to determine "someone copied my form" you'd still not cut down
    your space of worry.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Jun 21, 2006
    #2
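
The server-side check described in the reply above, sketched for a classic ASP process.asp as an added example that is not part of the original thread. The field names, length limits and patterns are assumptions. The code rejects fields the real form never sends, repeated or missing fields, and over-length or malformed values, regardless of which copy of the form produced the POST.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' Allowlist of fields process.asp accepts: name -> Array(maxLength, pattern).
' Names, limits and patterns are assumptions made for this example.
Dim fieldRules, problems
Set fieldRules = Server.CreateObject("Scripting.Dictionary")
fieldRules.CompareMode = vbTextCompare  ' form field names are case-insensitive
fieldRules.Add "username", Array(20, "^[A-Za-z0-9_]{3,20}$")
fieldRules.Add "email", Array(100, "^[^@\s]+@[^@\s]+\.[^@\s]+$")
fieldRules.Add "age", Array(3, "^[0-9]{1,3}$")

' Returns "" for a valid request, otherwise one line per problem found.
Function ValidateRequest(form, rules)
    Dim errors, key, rule, value, re
    errors = ""
    Set re = New RegExp
    ' Fields the real form never sends (added with a proxy or a local copy).
    For Each key In form
        If Not rules.Exists(key) Then errors = errors & "unexpected field: " & key & vbCrLf
    Next
    ' Each expected field: present exactly once, within length, matching pattern.
    For Each key In rules.Keys
        rule = rules(key)
        If form(key).Count <> 1 Then
            errors = errors & key & ": missing or repeated" & vbCrLf
        Else
            value = form(key)(1)
            re.Pattern = rule(1)
            If Len(value) > rule(0) Then
                errors = errors & key & ": too long" & vbCrLf
            ElseIf Not re.Test(value) Then
                errors = errors & key & ": invalid format" & vbCrLf
            End If
        End If
    Next
    ValidateRequest = errors
End Function

problems = ValidateRequest(Request.Form, fieldRules)
If Request.ServerVariables("REQUEST_METHOD") <> "POST" Or problems <> "" Then
    Response.Status = "400 Bad Request"
    Response.Write "<pre>" & Server.HTMLEncode(problems) & "</pre>"
    Response.End
End If
' Only now does process.asp insert the row, with the validated values bound as
' ADODB.Command parameters rather than concatenated into the SQL string.
%>
```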