Mario Bernheim
asked on
Secure registration PHP
Hello, how can I prevent anyone looking at what variables we send to our processor_form.php and proceed with spamming with registrations? We don't verify email in our process. I was able to register 5 accounts using Postman on our backend, we don't use captcha... is there any way to send a hidden header to the backend? I'm only asking for what method could be implemented...
I can see everything you put in a web page form. Nothing that comes from the browser can effectively be hidden. Captcha only prevents automated spam that tries to bypass the form and go directly to the action page. If your page is public, you can't prevent people from manually completing the form and submitting it.
ASKER
I understand that, however what we're trying to stop is automation, like an external script posting 10000 fake accounts?
Captcha is the most common way to do that.
You should be looking at the following
XSRF - Cross Site Request Forgery and how to prevent it using Form Tokens
Honeypot - hidden fields that humans don't see but bots will see as one of many anti-spam tools
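The form-token and honeypot checks suggested above could look like this in PHP. This is an added example, not code from anyone in the thread; the field names `form_token` and `website`, both function names and the 15-minute lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: field names "form_token" and "website" and both function
// names are assumptions, not taken from the original thread.

const TOKEN_TTL = 900; // seconds a rendered form stays valid (assumed value)

// Call when rendering the registration form; embed the result in a hidden input.
function issue_form_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_token'] = ['value' => $token, 'issued' => $now];
    return $token;
}

// Call at the top of processor_form.php before creating the account.
function check_registration(array &$session, array $post, int $now): string
{
    $stored = $session['form_token'] ?? null;
    unset($session['form_token']);           // single use: a replayed POST fails
    $sent = $post['form_token'] ?? '';

    if (!is_array($stored) || !is_string($sent)
        || !hash_equals($stored['value'], $sent)) {
        return 'bad_token';
    }
    if ($now - $stored['issued'] > TOKEN_TTL) {
        return 'expired_token';
    }
    // Honeypot: hidden with CSS in the form, so a person leaves it empty.
    if (($post['website'] ?? '') !== '') {
        return 'honeypot_filled';
    }
    return 'ok';
}

// Constructed demo, with plain arrays standing in for $_SESSION and $_POST.
$session = [];
$now = time();
$token = issue_form_token($session, $now);
$post = ['email' => 'user@example.test', 'form_token' => $token, 'website' => ''];
echo check_registration($session, $post, $now), "\n";      // first submit
echo check_registration($session, $post, $now + 1), "\n";  // replay of same POST

$token = issue_form_token($session, $now);
$bot = ['email' => 'x@example.test', 'form_token' => $token, 'website' => 'http://spam.example'];
echo check_registration($session, $bot, $now), "\n";       // bot filled every field
```

On a real page, call `session_start()` first and pass `$_SESSION` and `$_POST` in place of the demo arrays. A script that loads the form before every POST still obtains a valid token, which is why these checks sit alongside a captcha rather than replacing it.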
ASKER
Thanks, Ray.
ASKER
Thanks everyone for taking the time to respond to my question.