Preventing Request.Form abuse
- From: "Mark Rae" <mark@xxxxxxxxxxxxxxxxx>
- Date: Tue, 24 Oct 2006 21:16:51 +0100
Hi,
See the previous thread Request.Form abuse in this newsgroup...
I'm looking for a simple and efficient way to prevent people hijacking the
<form> tags on my websites and using them to send spam. I would imagine
they're using the HttpWebRequest method for this.
Essentially, it would require a property on a WebForm that indicates whether
it is *only* for PostBack (true by default, but configurable), which would
have any client POST request which is not from the URL of the page itself
would be ignored.
Alternatively, a "global" flag which could be set in web.config.
I think this would be of great benefit to everyone, as this sort of attack
is clearly becoming more and more common.
Does anyone have any suggestions for a good way to implement this?
I'm sure, as a group, we could come up with something really solid which
would help us all - as Juan said, we're all up the creek with this.
Let's get our thinking caps on, guys...
Who knows - we might even let Microsoft use it in a future version of
ASP.NET... ;-)
Mark
.
- Follow-Ups:
- Re: Preventing Request.Form abuse
- From: bruce barker \(sqlwork.com\)
- Re: Preventing Request.Form abuse
- From: John Timney \(MVP\)
- Re: Preventing Request.Form abuse
- Prev by Date: Re: Reading file from Client instead of Server
- Next by Date: Re: tab strips in ASP.NET 2.0?
- Previous by thread: Ms paint in ,NET
- Next by thread: Re: Preventing Request.Form abuse
- Index(es):
Relevant Pages
|
Loading
