Jan 18, 2008 @ 10:03 am.
I’ve been having problems recently with attempted spamming exploits on my form-to-email scripts (i.e. users downloading forms, messing with them and then submitting them remotely to my form-handling scripts) and thought I’d see if comparing the session ID of the sending pages and form-handling pages could help to weed out these fake submissions.
Tags: Forms, Security, Web Apps | Categories: Software Development
Jan 11, 2008 @ 1:18 pm.
Databases can be compromised if they are open to SQL injection attacks. Stripping invalid characters from form inputs will reduce this risk.
If you have a form on your site that interacts with a database (e.g. a username/password login form), you should secure the form by adding an additional stage between submission and the database look-up. One way to do this is to check that the submitted content is valid before it reaches the database.
Tags: Forms, Security, SQL, Web Apps | Categories: Software Development