Mario Bernheim

Secure registration PHP

Hello, how can I prevent anyone looking at what variables we send to our processor_form.php and proceed with spamming with registrations? We don't verify email in our process. I was able to register 5 accounts using Postman on our backend, we don't use captcha... Is there any way to send a hidden header to the backend? I'm only asking for what method could be implemented...
Dave Baldwin

I can see everything you put in a web page form.  Nothing that comes from the browser can effectively be hidden.  Captcha only prevents automated spam that tries to bypass the form and go directly to the action page.  If your page is public, you can't prevent people from manually completing the form and submitting it.
Mario Bernheim

ASKER

I understand that; however, what we're trying to stop is automation, like an external script posting 10000 fake accounts?
Captcha is the most common way to do that.
You should be looking at the following:

XSRF - Cross Site Request Forgery and how to prevent it using Form Tokens
Honeypot - hidden fields that humans don't see but bots will see, as one of many anti-spam tools
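
The form-token and honeypot checks suggested above, as an added PHP example that is not code from this thread. The field names `form_token` and `website`, the session key `reg_token` and the 15-minute lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed names: session key 'reg_token', POST fields 'form_token' and 'website' (honeypot).
const TOKEN_TTL = 900; // seconds a rendered form stays valid (assumed value)

/** Issue a single-use token bound to the session and return the hidden form fields. */
function registration_form_fields(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $session['reg_token'] = ['value' => $token, 'expires' => $now + TOKEN_TTL];
    // The honeypot is hidden from people with CSS and labelled for screen-reader users.
    return '<input type="hidden" name="form_token" value="' . $token . '">' . "\n"
        . '<div style="display:none" aria-hidden="true"><label>Leave this field empty '
        . '<input type="text" name="website" tabindex="-1" autocomplete="off"></label></div>';
}

/** Return null when the POST may go on to account creation, otherwise the rejection reason. */
function reject_reason(array $post, array &$session, int $now): ?string
{
    $issued = $session['reg_token'] ?? null;
    unset($session['reg_token']); // single use, whatever the outcome
    $sent = $post['form_token'] ?? '';
    if ($issued === null || !is_string($sent) || !hash_equals($issued['value'], $sent)) {
        return 'missing or wrong form token';
    }
    if ($now > $issued['expires']) {
        return 'expired form token';
    }
    if (($post['website'] ?? '') !== '') {
        return 'honeypot field was filled in';
    }
    return null;
}

// Constructed demo data; in processor_form.php pass $_POST and $_SESSION after session_start().
if (PHP_SAPI === 'cli') {
    $now = time();
    $session = [];
    registration_form_fields($session, $now);
    $post = ['email' => 'a@example.com', 'form_token' => $session['reg_token']['value'], 'website' => ''];
    echo 'form submit: ', reject_reason($post, $session, $now + 20) ?? 'accepted', "\n";
    echo 'same POST replayed: ', reject_reason($post, $session, $now + 21) ?? 'accepted', "\n";
    registration_form_fields($session, $now);
    $bot = ['email' => 'b@example.com', 'form_token' => $session['reg_token']['value'], 'website' => 'http://example.com'];
    echo 'honeypot filled: ', reject_reason($bot, $session, $now + 1) ?? 'accepted', "\n";
}
```

The token rejects a POST sent without first loading the form in the same session, and a replay of an earlier POST. A client that requests the form first still receives a valid token, so these checks complement captcha rather than replace it.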
ASKER CERTIFIED SOLUTION
Ray Paseur
Thanks Ray,
Thanks everyone for taking the time to respond to my question.