03.07.2008 at 06:13AM PST, ID: 23222834 | Points: 500

How to make sure that a "post" is coming from the same domain?

Asked by dynamota in CGI Scripting, ColdFusion Application Server, Cold Fusion Markup Language

I have a Flash form with some fields embedded on a cfm page. After the user fills in the form, the Flash posts the data internally to a ColdFusion page. The cfm action page writes a record into the database.

But people who know how to find HTTP header information can spam my cfm action page from outside the domain, because they can find out what variables are being passed and to what page.

What is a good way to make sure that I allow only the post operation from my domain and not from outside my domain? I was thinking of using cgi.http_referer, but a lot of people say that it's not reliable.

How should I start tightening this?

Tx in advance