Menu
▾
▴
[Nms-cgi-devel] [ nms-cgi-Feature Requests-760837 ] Add fields for user verification
|
From: SourceForge.net <no...@so...> - 2004-10-12 10:27:15
|
Feature Requests item #760837, was opened at 2003-06-25 23:00 Message generated for change (Comment added) made by gellyfish You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=760837&group_id=39625 Category: None Group: None >Status: Closed Priority: 5 Submitted By: Scott Jordan (msjordan) Assigned to: Nobody/Anonymous (nobody) Summary: Add fields for user verification Initial Comment: Add some extra fields in sub configuration_form_fields. Give users the option to check the field values to verify that the submission came from their html form. This would give the user the ability to set fields to predeterminied values in the html form, then check the values in the script. For example, in older versions one could add additional fields such as one named 'session': <--snip--> print_blank_fields missing_fields_redirect session (user field) ); Field session would be set to a value in the user's html form. The script would abort if the user field value was not set to the proper value. In this case, the script expects field 'session' to have a value of 7720 set in the html. if ($Config{session} ne "7720") { exit; } This would provide another level of protection from formmail script spammers who repeatedly submit bogus requests to formmail scripts. We've seen some of them forging the 'referer' fields so the @referers check won't always stop the bogus requests. The user can set the expected user field value whenever they wish. ---------------------------------------------------------------------- >Comment By: Jonathan Stowe (gellyfish) Date: 2004-10-12 10:27 Message: Logged In: YES user_id=313586 Have added the session capability to TFMail - if you have any further questions please refer to nms...@li... ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2004-10-06 13:06 Message: Logged In: NO That wouldn't stop bogus requests (which aren't processed anyway). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=425772&aid=760837&group_id=39625 |
