[Mimedefang] OT: Email web form exploits
David F. Skoll
dfs at roaringpenguin.com
Thu Sep 8 20:47:47 EDT 2005
James Ebright wrote:

> Check the URI referrer and only allow the web form to be hit FROM the URLS
> that it should be linked to otherwise simply return an error similar to
> unauthorized access attempt....

Referrer can be faked. You can't trust any data supplied by the client.
Also, people who use privoxy or the like to suppress the referrer field
would get quite annoyed.

> would force the spammer to hit a valid URI to get the link to the webform

:-) Ah, the perils of trusting the client.

Regards,

David.
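
The two failure modes named in the reply above, shown as an added example that is not part of the original post or of MIMEDefang: a Referer-gated form handler called in-process through WSGI, with no network traffic. The handler, the helper names and the example.org URL are assumptions constructed for illustration.

```python
# Added illustration: a Referer-gated form handler, exercised in-process.
from io import BytesIO
from wsgiref.util import setup_testing_defaults

# Hypothetical page that links to the form; constructed for this example.
ALLOWED_REFERERS = ("https://www.example.org/contact.html",)

def form_app(environ, start_response):
    """WSGI form handler applying the Referer check proposed in the thread."""
    referer = environ.get("HTTP_REFERER", "")
    if referer not in ALLOWED_REFERERS:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"unauthorized access attempt\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"message accepted\n"]

def submit(headers):
    """Call form_app with the given request headers; return the status code."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/cgi-bin/form",
               "wsgi.input": BytesIO(b"")}
    setup_testing_defaults(environ)
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}
    def start_response(status, response_headers, exc_info=None):
        captured["status"] = int(status.split()[0])
    list(form_app(environ, start_response))
    return captured["status"]

def outcomes():
    """Three constructed clients; the header is all the server ever sees."""
    return {
        # Browser that followed the link from the allowed page.
        "browser_via_link": submit({"Referer": ALLOWED_REFERERS[0]}),
        # Legitimate visitor behind a proxy that strips the Referer field.
        "visitor_referer_stripped": submit({}),
        # Script that never loaded the page but supplies the same header value.
        "script_with_typed_header": submit({"Referer": ALLOWED_REFERERS[0]}),
    }

if __name__ == "__main__":
    for client, status in outcomes().items():
        print(f"{client}: {status}")
```

The first and third requests are byte-for-byte identical to the handler, so the check cannot tell them apart, while the visitor with a suppressed Referer is the only one refused.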