 Posted by Dikkie Dik on 01/24/08 09:39 
>> Or, you're not checking the security field before sending the email. 
>  
> Of **COURSE** I am.  [I even tested it :-) --- and many times]. 
 
Well, Jerry is right, you know. If the mail gets sent without the field  
being filled in, there is something wrong with your check. AND with your  
tests. 
 
> Filling in all the fields and either leaving that one empty, or with 
> the wrong info, prevents an email from being sent and the page is 
> presented again so that the user can fill it in properly. 
 
Take one step back. A code is presented (generated by your page). That  
code has to be stored somewhere to do the check later, doesn't it? Where  
do you store it? In the session? In that case, the code in the session  
is an empty string (not true, but your server settings can make it act  
like it) whenever you post the form directly (thereby starting a  
session) without first seeing the form and the code. 
 
Also, you say there are no addresses on the form. Any header field (like  
a subject) will do to do spamming, if you don't check things. However,  
if it is sent to you and your address is not in the page, it is most likely  
that your security mechanism just fails. 
 
>  
> Jerry, why in the world would I go through the trouble of generating 
> a security field if I weren't testing for its accuracy?  That would be 
> just plain stupid. 
 
To err is human, not stupid. To ask questions can even be considered  
wise. To point others at their errors can be either helpful or annoying.  
You decide ;) 
 
Good luck!
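To make the session point above concrete, here is an added example (not code from this thread or from the poster) that simulates the server-side session as a plain dict. It shows the check as described, where a direct POST that never rendered the form starts a fresh session and an absent field matches an absent stored code, beside a hardened check; the function and field names are assumptions.

```python
import hmac
import secrets

# Constructed stand-in for server-side session storage: one dict per session.
# A direct POST that never rendered the form starts a fresh, empty session.


def render_form(session: dict) -> str:
    """Generate the security code when the form is shown and keep it in the session."""
    code = secrets.token_hex(3)  # constructed 6-character code, displayed to the user
    session["security_code"] = code
    return code


def vulnerable_check(session: dict, posted: dict) -> bool:
    """Check as the thread describes it: compare the posted field to the stored one.
    With a fresh session and a missing field both sides are '' and the check passes."""
    stored = session.get("security_code", "")
    given = posted.get("security_code", "")
    return stored == given


def hardened_check(session: dict, posted: dict) -> bool:
    """Require that a code was issued in this session, that the posted value is
    non-empty, compare in constant time, and consume the code so that one
    rendered form cannot be replayed."""
    stored = session.pop("security_code", None)  # single use: removed even on mismatch
    given = posted.get("security_code")
    if not stored or not given:
        return False
    return hmac.compare_digest(stored, given)


if __name__ == "__main__":
    # Direct POST without first loading the form: no code ever stored.
    print("vulnerable, direct POST:", vulnerable_check({}, {"subject": "hi"}))  # True
    print("hardened, direct POST:", hardened_check({}, {"subject": "hi"}))  # False
    # Normal flow: form rendered, code echoed back once.
    sess = {}
    code = render_form(sess)
    print("hardened, normal flow:", hardened_check(sess, {"security_code": code}))  # True
    print("hardened, replay:", hardened_check(sess, {"security_code": code}))  # False
```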
 