ASP / Forms / Form Blocker
Snippet details
ID: 525
Viewed: 1310
Added: 2004-02-19
Version: 1.0

When I'm developing an input form and want to build some page validation scripts, I prefer to use client-side so that I can do fancy stuff like highlighting fields that aren't filled out correctly and whatnot. However, the big concern with using just client-side scripting is that someone could always download the source to your entry form, put in their own submit button and submit the page with invalid values back to your site by explicitly setting the form action to point to your site.

Well, here is a blocker to stop such attacks on your forms. It's a simple little function that verifies that the host named in the request's Referer header matches the server that is processing it.

General Details
Snippet uploaded by: snippet
Email : webmaster@snippetlibrary.com
Snippet By: Putts

<!---Head--->
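<%
' Returns "" when the Referer host matches this server's name; otherwise
' returns the offending host, or "(no referer)" if the header is missing or malformed.
Function sameServer()
    Dim strSource, arrSource
    arrSource = Split(Request.ServerVariables("HTTP_REFERER"), "/")
    ' A URL such as http://host/path splits into "http:", "", "host", ...
    ' Without this check an empty Referer raises "Subscript out of range".
    If UBound(arrSource) < 2 Then
        sameServer = "(no referer)"
        Exit Function
    End If
    strSource = arrSource(2)
    If LCase(Request.ServerVariables("SERVER_NAME")) = LCase(strSource) Then
        sameServer = ""
    Else
        sameServer = strSource
    End If
End Function
%>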

<!---Body--->


<%
' In the page that processes the form info, call the function.
Dim strResult
strResult = sameServer()
If strResult = "" Then
    Response.Write("Congrats")
Else
    ' The value comes from the Referer header, so encode it before echoing it.
    Response.Write("Processing not allowed from " & Server.HTMLEncode(strResult))
End If
%>
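
The Referer header is supplied by the client, so a request made outside a browser can carry any value and the check above only filters ordinary browser submissions. The following is an added example, not part of the original snippet, that repeats the field checks on the server in the processing page; the field names email and quantity, their limits and the function name validateOrder are assumptions for illustration.

```asp
<%
' Added example: server-side re-validation in the page that processes the form.
' Field names "email" and "quantity" and their limits are hypothetical.

' Returns a Scripting.Dictionary of field name -> error message (empty = valid).
Function validateOrder(strEmail, strQty)
    Dim objErrors, objRe
    Set objErrors = Server.CreateObject("Scripting.Dictionary")
    Set objRe = New RegExp

    ' Anchored pattern: the whole value must look like an address, length-capped.
    objRe.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    If Len(strEmail) = 0 Or Len(strEmail) > 254 Or Not objRe.Test(strEmail) Then
        objErrors.Add "email", "Enter a valid e-mail address."
    End If

    ' Digits only, then a range check; IsNumeric alone would also accept
    ' values such as "-5" and "1.5".
    objRe.Pattern = "^[0-9]{1,3}$"
    If Not objRe.Test(strQty) Then
        objErrors.Add "quantity", "Quantity must be a whole number."
    ElseIf CLng(strQty) < 1 Or CLng(strQty) > 100 Then
        objErrors.Add "quantity", "Quantity must be between 1 and 100."
    End If

    Set validateOrder = objErrors
End Function

Dim objErrs, strKey
' Trim() also coerces a missing field to an empty string.
Set objErrs = validateOrder(Trim(Request.Form("email")), Trim(Request.Form("quantity")))

If objErrs.Count = 0 Then
    Response.Write "Congrats"
Else
    ' Reject the submission no matter which page it was posted from.
    Response.Status = "400 Bad Request"
    For Each strKey In objErrs.Keys
        Response.Write Server.HTMLEncode(strKey & ": " & objErrs(strKey)) & "<br>"
    Next
End If
%>
```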



