Re: [WebDNA] preventing hackers from posting their own

This WebDNA talk-list message is from 2009. It keeps the original formatting.
That's fine and I agree. My answer did provide him a solution though, but if he wants to further protect it from scripting bots/malicious hacks, then sure, I'd say encrypt the value in the hidden field.

GJK

At 11:50 AM 2/19/2009, you wrote:
>I agree with Donovan. A hidden field is a misconception, it's not
>really hidden, just not visible in a browser. Any hacker worth his salt
>attempting to "hack" a form post will look at the "hidden" fields first
>and they are quite easy to spoof. Using an encrypted value with a seed
>will most certainly stop them in their tracks.
>I've used that method for years without incident...
>
>Marc

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Stuart Tremain 2009)
  2. Re: [WebDNA] preventing hackers from posting their own (altered) (Donovan Brooke 2009)
  3. Re: [WebDNA] preventing hackers from posting their own (altered) (Donovan Brooke 2009)
  4. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Toby Cox 2009)
  5. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Govinda 2009)
  6. Re: [WebDNA] preventing hackers from posting their own ("Dan Strong" 2009)
  7. Re: [WebDNA] preventing hackers from posting their own (altered) (Donovan Brooke 2009)
  8. Re: [WebDNA] preventing hackers from posting their own (Gary Krockover 2009)
  9. Re: [WebDNA] preventing hackers from posting their own (altered) (Marc Thompson 2009)
  10. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Bob Minor 2009)
  11. Re: [WebDNA] preventing hackers from posting their own ("Dan Strong" 2009)
  12. Re: [WebDNA] preventing hackers from posting their own (altered) (Marc Thompson 2009)
  13. Re: [WebDNA] preventing hackers from posting their own (altered) (Donovan Brooke 2009)
  14. Re: [WebDNA] preventing hackers from posting their own (altered) version of my form? (Govinda 2009)
  15. Re: [WebDNA] preventing hackers from posting their own (Gary Krockover 2009)
  16. [WebDNA] preventing hackers from posting their own (altered) version of my form? (Govinda 2009)
Gary Krockover
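
Added example, not part of the original messages and not WebDNA code: one way to make a hidden field tamper-evident on the server side. It uses an HMAC tag instead of the seeded encryption the posters describe, so the value stays readable in the page source but any change to it is rejected on post. The names SERVER_KEY, seal_field, open_field and session_id are assumptions made for this sketch.

```python
import hashlib
import hmac
import time

# Constructed key for this example; a real key lives only in server-side
# configuration and is never sent to the browser.
SERVER_KEY = b"constructed-example-key-not-for-production"
MAX_AGE_SECONDS = 900  # how long an issued form stays acceptable


def _tag(name, value, session_id, issued):
    # Length-prefix every part so ("ab", "c") and ("a", "bc") cannot collide.
    parts = (name, value, session_id, issued)
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def seal_field(name, value, session_id, now=None):
    """Build the string to emit as the hidden field's value: value|issued|tag."""
    issued = str(int(time.time() if now is None else now))
    return f"{value}|{issued}|{_tag(name, value, session_id, issued)}"


def open_field(name, sealed, session_id, now=None):
    """Return the original value, or None if the posted field was altered,
    moved to another field or session, malformed, or has expired."""
    try:
        value, issued, tag = sealed.rsplit("|", 2)
        age = (time.time() if now is None else now) - int(issued)
    except ValueError:
        return None
    expected = _tag(name, value, session_id, issued)
    # Constant-time comparison; encode first so non-ASCII input cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if age < 0 or age > MAX_AGE_SECONDS:
        return None
    return value


if __name__ == "__main__":
    sealed = seal_field("price", "19.95", "sess-A")          # constructed sample
    print(open_field("price", sealed, "sess-A"))               # unchanged post
    print(open_field("price", sealed.replace("19.95", "0.01", 1), "sess-A"))
```

The sealed string still has to be HTML-escaped when it is written into the form, and a value that must not be visible at all is better kept server-side and looked up by session.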
