posting form data

I use PHP and MySQL.
How can I be sure that my web form is actually posted from my own server?

I think anyone can send data to my action page from a different server?

I use HTTPS, by the way.
Asked by: Braveheartli

Ray Paseur Commented:
"anyone can send data to my action page from a different server?"
Yes, that is one of the built-in risks of the HTTP protocol.  You can't prevent it, but you can make it harmless.

You may consider using a "form token."
https://www.experts-exchange.com/articles/28802/Improved-Form-Tokens-to-Guard-Against-CSRF-and-Screen-Scrapers.html

You can check HTTP_REFERER (It's all explained in the article).  You can also check the input controls.  You will find their names in the array keys of $_POST.  If any are missing or there are any extras, just discard the request.

If you need more protection, consider a CAPTCHA test.
https://www.experts-exchange.com/articles/9849/Making-CAPTCHA-Friendlier-with-Simple-Number-Tests-or-PHP-Image-Manipulation.html
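
A sketch of two of the checks suggested in the answer above, a one-time form token and an exact match on the `$_POST` control names. This is an added example, not code from the answer or from the linked articles; the field names, the `form_token` key and the function names are assumptions.

```php
<?php
declare(strict_types=1);
session_start();
// Hypothetical field names; list exactly the controls your own form renders.
const EXPECTED_FIELDS = ['email', 'form_token', 'message', 'name'];

// Create a one-time token, keep a copy in the session, return it for the hidden input.
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = $token;
    return $token;
}

// True only if the POST has exactly the expected controls and the session's token.
function is_valid_submission(array $post, array $session): bool
{
    $keys = array_keys($post);
    sort($keys);
    $expected = EXPECTED_FIELDS;
    sort($expected);
    if ($keys !== $expected) {
        return false;                    // a control is missing or an extra one was sent
    }
    $stored = $session['form_token'] ?? '';
    $sent = $post['form_token'];
    if (!is_string($stored) || $stored === '' || !is_string($sent)) {
        return false;                    // no token was issued, or the field is an array
    }
    return hash_equals($stored, $sent);  // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = is_valid_submission($_POST, $_SESSION);
    unset($_SESSION['form_token']);      // single use, whether the check passed or not
    if (!$ok) {
        http_response_code(400);
        exit('Request discarded.');
    }
    // Process the form here: validate each value, use prepared statements for MySQL.
    exit('Thank you.');
}
$token = issue_form_token();
?>
<form method="post">
  <input type="hidden" name="form_token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
  <input name="name"> <input name="email"> <textarea name="message"></textarea>
  <button type="submit">Send</button>
</form>
```

A request built on another server fails the token check unless it first loads this page in the same session, which is the point at which the CAPTCHA mentioned in the answer adds a further hurdle.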
 
Braveheartli (Marketing, Author) Commented:
Thank you.
 
Ray PaseurCommented:
You're welcome!  Glad to help, ~Ray