Web Wiz - Green Windows Web Hosting

Login

Web Wiz Homepage

Forum Home

Forum Home > General Discussion > Classic ASP Discussion

New Posts

RSS Feed - Protecting webpage from remote submitting

FAQ

FAQ

Register

Login

Protecting webpage from remote submitting

Post Reply

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
PrivateEye Members Profile Find Members Posts Groupie Joined: 21 March 2003 Location: United Kingdom Status: Offline Points: 168	Post Options Post Reply Quote PrivateEye Report Post Thanks(0) Quote Reply Topic: Protecting webpage from remote submitting Posted: 26 March 2006 at 9:44pm
	I want to know what is quality approach to stop remote submitting a page. For example I have an ASP page submit_form.asp that use HTML FORM element and this form is submitted to process_form.asp page. What is best way to stop users from sending requests to process_form.asp page from remote servers.
	The Judgement Day

michael Members Profile Find Members Posts Senior Member Joined: 08 April 2002 Location: United States Status: Offline Points: 4670	Post Options Post Reply Quote michael Report Post Thanks(0) Quote Reply Posted: 27 March 2006 at 4:06pm
	Use a Captcha plugin, like one you can download here...
	Blog \| MPG Tracker

wistex Members Profile Find Members Posts Mod Builder Group Joined: 30 August 2003 Location: United States Status: Offline Points: 877	Post Options Post Reply Quote wistex Report Post Thanks(0) Quote Reply Posted: 20 April 2006 at 4:32am
	You could check the referrer, I suppose. If they submitted the form from your website, wouldn't your website be the referrer? If the referrer is not what you are expecting, then throw an error message and not process the request.
	WisTex Solutions CaribbeanChoice Forums

dpyers Members Profile Find Members Posts Senior Member Joined: 12 May 2003 Status: Offline Points: 3937	Post Options Post Reply Quote dpyers Report Post Thanks(0) Quote Reply Posted: 20 April 2006 at 4:52am
	You can also check for x number of submissions within y number of minutes. You could do the check by IP but it's pretty easy to spoof an ip or referrer. CAPTCHA is probably the best way.
	Lead me not into temptation... I know the short cut, follow me.

wistex Members Profile Find Members Posts Mod Builder Group Joined: 30 August 2003 Location: United States Status: Offline Points: 877	Post Options Post Reply Quote wistex Report Post Thanks(0) Quote Reply Posted: 20 April 2006 at 5:09am
	It might be interesting to take a look at how Borg does it. He has several scripts that should not be called directly, such as the one that adds votes to a poll. I know that if you try to access it directly in the browser (i.e. its not called by pressing the submit button on the poll's form), it will not count your vote and redirect you to the forum's default page. It only works if its called by the poll's form. (I tested to make sure people couldn't cheat in the Battle of the Islands competition we have.) I've never disected the file, but I'm sure Borg did a good job at preventing direct submissions, all without using CAPTCHA for voting in the poll.
	WisTex Solutions CaribbeanChoice Forums

Post Reply

Forum Jump

Forum Permissions View Drop Down

View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.