Comments on: protecting email forms http://www.digitalramble.com/2006/08/01/59/ surveyor of the foothills, valleys and occasional sheer cliff drops of the world of computer programming... Wed, 07 Jan 2009 04:24:13 +0000 http://wordpress.org/?v=2.3.1 By: Mike http://www.digitalramble.com/2006/08/01/59/#comment-387 Mike Mon, 02 Apr 2007 18:08:19 +0000 http://www.digitalramble.com/2006/08/01/59/#comment-387 "Force the mail script to accept only POST style connections and not GET. GET potentially lets the hacker alter the variables in the URL itself. In general, no form variable that is of a sensitive nature should be modifiable this way; in my mail scripts I disallow it altogether." I am not sure if you are aware, but POST data can be modified with only a tiny increase in difficulty. “Force the mail script to accept only POST style connections and not GET. GET potentially lets the hacker alter the variables in the URL itself. In general, no form variable that is of a sensitive nature should be modifiable this way; in my mail scripts I disallow it altogether.”

I am not sure if you are aware, but POST data can be modified with only a tiny increase in difficulty.

]]>