
Re: [cobalt-users] CGIWrap Error?



baltimoremd@xxxxxxxxxxxxxxx wrote:

> <FORM METHOD="POST" action="http://www.yourdomain.com/cgi-bin/formmail.pl">
> <input type="hidden" name="recipient"
> value="baltimoremd@xxxxxxxxxxxxxxx">
> <input type=hidden name="subject" value="Hosting Order">
> <input type=hidden name="title" value="Thank you for your Order">
> <input type=hidden name="required"
> value="Email,Realname,Phonecall,Logon,Password,Payplan,Frontpage,Domain,Register,Street,City,State,Zip,Country">
> <input type=hidden name="print_config" value="Email,Realname">

I don't like that, as one could easily alter these values by simply
changing the HTML, if the program doesn't verify them.

> @referers = ('yourdomian.com','xxx.xxx.xxx.xx');

Using wget, curl or a little Perl script, for example, even the referer
can be changed.

Would AlienForm be an alternative? It is template driven, and does not
contain values to change (the path to the templates, but it will stop
working if it doesn't find them; so little chance by altering HTML).

-- 

H. P.  Stroebel, Germany

CGI-FAQ for Raq-Newbies :
http://users.iol.it/hpstr/

Apollo 13 - Commander : "Houston, we have a problem"
Win2000 - Administrator : "Redmond, we have 64000 problems"
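
The point made in the message above, as an added example that is not part of the original post and is not FormMail or AlienForm code: the recipient, subject and required-field list are looked up on the server from a form identifier, so editing the hidden fields or sending a different Referer header changes nothing. `%FORMS`, `build_mail`, the `form_id` field and the addresses are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: mail settings live on the server; every submitted field
# is untrusted input, and the Referer header is not consulted at all.
use strict;
use warnings;

# Hypothetical server-side configuration, keyed by a short form identifier.
my %FORMS = (
    hosting_order => {
        recipient => 'orders@example.com',        # constructed address
        subject   => 'Hosting Order',
        required  => [qw(Email Realname Domain)],
    },
);

# Returns (\%mail, undef) on success or (undef, $reason) on rejection.
sub build_mail {
    my ($params) = @_;                             # hashref of submitted fields
    my $id = defined $params->{form_id} ? $params->{form_id} : '';
    my $cfg = $FORMS{$id} or return (undef, 'unknown form');

    # The required list comes from %FORMS, never from a "required" field.
    for my $field (@{ $cfg->{required} }) {
        my $v = $params->{$field};
        return (undef, "missing $field") unless defined $v && $v =~ /\S/;
    }

    my $body = join '', map { "$_: $params->{$_}\n" } @{ $cfg->{required} };

    # A submitted "recipient" or "subject" is simply ignored.
    return ({ to      => $cfg->{recipient},
              subject => $cfg->{subject},
              body    => $body }, undef);
}

# Constructed submissions: one with an altered recipient, one that tries
# to empty the required list and leaves fields out.
my @samples = (
    { form_id => 'hosting_order', recipient => 'someone@elsewhere.example',
      Email => 'a@example.net', Realname => 'A. User', Domain => 'example.org' },
    { form_id => 'hosting_order', required => '', Email => 'a@example.net' },
);

for my $p (@samples) {
    my ($mail, $err) = build_mail($p);
    print $mail ? "send to $mail->{to}\n" : "rejected: $err\n";
}
```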