[thelist] CF: source of POST variables

Raymond Camden jedimaster at macromedia.com
Fri Aug 2 08:59:00 CDT 2002


As far as I know, http_referer is your only real choice. You can devise
a hack like putting a form variable in the original form with a special
name based on the day, perhaps, and then check for that on the action
page. This would potentially stop someone who stole your code yesterday,
but, it's still not a great solution.

=======================================================================
Raymond Camden, ColdFusion Jedi Master for Macromedia

Email    : jedimaster at macromedia.com
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org] On Behalf Of jon steele
> Sent: Friday, August 02, 2002 9:34 AM
> To: thelist at lists.evolt.org
> Subject: RE: [thelist] CF: source of POST variables
>
>
> --- Raymond Camden <jedimaster at macromedia.com> wrote:
> > Examine the CGI scope, but as you indicate, it's not 100%
> secure. Thing
>
> Besides HTTP_REFERER, what else can I check? Other variables
> have to do with the current running
> script.
>
> Are there any other proven workarounds you have used in the
> past? In my situation, the user is
> being redirected to a form off the main server, then
> redirected back after two scripts.
>





More information about the thelist mailing list