Well, you should always check the data on reception at the server. No point in actually protecting your HTML code/forms, as these will be accessible in most cases anyway (you might do it with JavaScript, but it's not safe).
But check the data posted by the form, whether it is from another server or your own, and remove tags and other unwanted chars.
You KNOW what data is to be received, and probably also what format the data is not supposed to have. In addition, you can check if the request method is correct (POST), and collect HTTP data (IP, user agent) from your clients.
A lot of possibilities, but the safe way is to protect the PHP code on the receiving end 😉
knutm
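The checks described in the post above (method check, validating against the known format, tag removal, collecting client IP and user agent), put together in one PHP handler. This is an added example, not code from the original post or its author; the field names (`name`, `email`, `message`), the allowed formats and the sample requests are assumptions made for illustration, and the sample requests are constructed, not real traffic.

```php
<?php
// Added example (not from the original post): server-side validation of a
// posted form in PHP, independent of whatever the HTML form or its JavaScript did.
// Field names (name, email, message) and the expected formats are assumptions.

declare(strict_types=1);

/**
 * Validate a posted form against what the server KNOWS it should receive.
 * Returns ['ok' => bool, 'errors' => string[], 'data' => array, 'meta' => array].
 */
function validateContactForm(array $server, array $post): array
{
    $errors = [];

    // 1. Only accept the request method the form is supposed to use.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return ['ok' => false, 'errors' => ['request method must be POST'], 'data' => [], 'meta' => []];
    }

    // 2. Reject unexpected fields outright: we know exactly which ones the form sends.
    $allowed    = ['name', 'email', 'message'];
    $unexpected = array_diff(array_keys($post), $allowed);
    if ($unexpected) {
        $errors[] = 'unexpected field(s): ' . implode(', ', $unexpected);
    }

    // 3. Per-field checks describing the format the data MUST have (allow-list),
    //    not only stripping what it must not have.
    $name = trim((string)($post['name'] ?? ''));
    if ($name === '' || mb_strlen($name) > 64 || !preg_match('/^[\p{L}\p{M} .\'-]+$/u', $name)) {
        $errors[] = 'name: 1-64 letters, spaces, dots, apostrophes or hyphens';
    }

    $email = trim((string)($post['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || strlen($email) > 254) {
        $errors[] = 'email: not a valid address';
    }

    $message = (string)($post['message'] ?? '');
    // Strip tags as the post suggests, then still bound the length and reject
    // control characters; a stripped string is not automatically safe to output.
    $message = strip_tags($message);
    if (trim($message) === '' || mb_strlen($message) > 2000) {
        $errors[] = 'message: 1-2000 characters after tag removal';
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $message)) {
        $errors[] = 'message: control characters not allowed';
    }

    // 4. Record HTTP metadata about the client for logging / rate limiting.
    $meta = [
        'ip'         => $server['REMOTE_ADDR'] ?? 'unknown',
        'user_agent' => substr((string)($server['HTTP_USER_AGENT'] ?? ''), 0, 256),
        'referer'    => $server['HTTP_REFERER'] ?? '',
    ];

    // 5. Keep the validated data unescaped; escape for the output context at output time.
    $data = ['name' => $name, 'email' => $email, 'message' => $message];

    return ['ok' => $errors === [], 'errors' => $errors, 'data' => $data, 'meta' => $meta];
}

// Constructed sample requests (not real traffic) so the file runs from the CLI: php validate.php
$samples = [
    'legit'    => [
        ['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' => 'Mozilla/5.0'],
        ['name' => 'Ada Lovelace', 'email' => 'ada@example.com', 'message' => 'Hello <b>there</b>'],
    ],
    'get'      => [
        ['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '203.0.113.8'],
        ['name' => 'x', 'email' => 'x@example.com', 'message' => 'hi'],
    ],
    'injected' => [
        ['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '198.51.100.2', 'HTTP_USER_AGENT' => 'curl/8.0'],
        ['name' => '<script>alert(1)</script>', 'email' => 'not-an-email',
         'message' => '<img src=x onerror=alert(1)>', 'admin' => '1'],
    ],
];

foreach ($samples as $label => [$server, $post]) {
    $r = validateContactForm($server, $post);
    printf("%-9s ok=%s errors=%s\n", $label, $r['ok'] ? 'yes' : 'no', json_encode($r['errors']));
    if ($r['ok']) {
        // Escape for the HTML context only when rendering.
        echo '  message for HTML: ',
            htmlspecialchars($r['data']['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
    }
}
```

Two things worth noting about the design. The field checks are allow-lists (what the value must look like) rather than only a blocklist of tags to remove, because the server knows the expected format, as the post says, and a blocklist is what attackers probe for gaps in. And `strip_tags` is used here only as a cleanup step, with `htmlspecialchars` still applied at output time: removing tags does not by itself make a string safe in every context where it will later be echoed or stored.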