Re: [WebDNA] preventing hackers from posting their own
This WebDNA talk-list message is from 2009
It keeps the original formatting.
numero = 102032
interpreted = N
That's fine and I agree. My answer did provide him a solution though, but if he wants to further protect it from scripting bots/malicious hacks, then sure, I'd say encrypt the value in the hidden field.

GJK

At 11:50 AM 2/19/2009, you wrote:
>I agree with Donovan. A hidden field is a misconception, it's not
>really hidden, just not visible in a browser. Any hacker worth his salt
>attempting to "hack" a form post will look at the "hidden" fields first
>and they are quite easy to spoof. Using an encrypted value with a seed
>will most certainly stop them in their tracks.
>I've used that method for years without incident...
>
>Marc
Gary Krockover
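The thread's point that a hidden field is client-controlled, shown as an added example that is not part of the original messages or of WebDNA: the server attaches a tag to the field and rejects any post whose value no longer matches it. It swaps in HMAC signing for the seed-based encryption the posters mention; the key, the `price` field, the `_sig` suffix and the session ids are assumptions.

```python
import hashlib
import hmac
import html
import secrets

# Assumption: a per-application secret that stays on the server.
SERVER_KEY = secrets.token_bytes(32)


def sign_field(name, value, session_id, key=SERVER_KEY):
    """Hex HMAC-SHA256 tag binding field name, value and session."""
    # Length-prefix each part so ("ab", "c") and ("a", "bc") differ.
    parts = [p.encode("utf-8") for p in (name, value, session_id)]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def render_hidden(name, value, session_id):
    """Markup the server emits: the value plus its tag."""
    tag = sign_field(name, value, session_id)
    n, v = html.escape(name, quote=True), html.escape(value, quote=True)
    return (f'<input type="hidden" name="{n}" value="{v}">'
            f'<input type="hidden" name="{n}_sig" value="{tag}">')


def verify_post(form, name, session_id, key=SERVER_KEY):
    """True only if the posted value still matches its tag."""
    value, tag = form.get(name), form.get(name + "_sig")
    if not isinstance(value, str) or not isinstance(tag, str):
        return False  # field or tag stripped from the request
    expected = sign_field(name, value, session_id, key)
    # Constant-time comparison; bytes avoid TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), tag.encode("utf-8", "replace"))


def demo():
    """Constructed form posts: one genuine, three that must be rejected."""
    sid = "session-A"  # constructed session identifier
    good = {"price": "19.99", "price_sig": sign_field("price", "19.99", sid)}
    return {
        "genuine": verify_post(good, "price", sid),
        "edited_value": verify_post(dict(good, price="0.01"), "price", sid),
        "other_session": verify_post(good, "price", "session-B"),
        "sig_removed": verify_post({"price": "19.99"}, "price", sid),
    }


if __name__ == "__main__":
    print(demo())
```

The tag makes an edited value detectable but leaves the value itself readable in the page source.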