So. I want to stop people copying my form source, uploading it to their site, and then using it to send their own data. The accepted method of doing this is hashing, right? Generating a random key, storing it in the session, as well as in a hidden field in the form, and then checking they match on the recieving page.
Ok, so that works fine in theory, but, suppose the hacker opens my form page, grabs the source (complete with key) makes their modifications, uploads their version of the form, and sends it, not having closed my sites window, or submitting my form.
Whats happened is, my site has generated a key (because the form page has been opened) its stored the key in the session. The hacker has got the same key out of the source code, and, my site sits waiting for someone to submit THAT KEY, so when they do, it works. Just once granted, but once is quite enough.
So my question is, does anyone know of a better way?
