Keith Devens .com


Tag: Security

Friday, March 10, 2006

Protect against automated form postings

What's a good way to protect against automated form postings? I figure I'll change my Formation library (public version terribly out of date) to automatically (if the form is a POST) add a timestamp field, an IP address field, and a hash of the two with a secret seed to the form, and then automatically reject the form if the submission isn't from the same IP address and if the IP+timestamp hash in the form isn't correct. And because the code to do this is in the library, clients of the library don't have to know anything about it.

This scheme would require a spammer to write software to spider my form pages each time before posting a comment, unlike the situation now where they can just spit 'name', 'e-mail', and 'text' at an entry page. That's still possible, of course, but it's unlikely anyone would go through the trouble. An even more protective system would use JavaScript to do something fancy, but that's not a route I want to go down.

Anything better I'm missing? What does WordPress do? Matt, what was your idea again?
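A sketch of the timestamp + IP + keyed-hash check described above, added here as an example; it is not code from the Formation library. HMAC-SHA256 as the "hash with a secret seed", the field names `ts`/`ip`/`sig`, and the one-hour expiry are assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Assumptions (not from the post): HMAC-SHA256 stands in for the "hash with a
# secret seed", and a form is only accepted within MAX_AGE seconds of rendering.
SECRET = b"constructed-demo-secret"  # placeholder; load from server config
MAX_AGE = 3600


def _mac(ts: str, ip: str) -> bytes:
    # Length-prefix each field so different (ts, ip) pairs can never
    # serialize to the same byte string.
    msg = f"{len(ts)}:{ts}|{len(ip)}:{ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest().encode()


def issue_fields(client_ip: str, now: Optional[float] = None) -> dict:
    """Hidden fields the form library adds when it renders a POST form."""
    ts = str(int(time.time() if now is None else now))
    return {"ts": ts, "ip": client_ip, "sig": _mac(ts, client_ip).decode()}


def check_submission(fields: dict, remote_ip: str,
                     now: Optional[float] = None) -> Tuple[bool, str]:
    """Validate the hidden fields against the address the POST came from."""
    ts, ip, sig = (str(fields.get(k, "")) for k in ("ts", "ip", "sig"))
    if not (ts.isascii() and ts.isdigit() and ip and sig):
        return False, "missing or malformed fields"
    # Constant-time compare on bytes: no timing leak, no error on odd input.
    if not hmac.compare_digest(sig.encode(), _mac(ts, ip)):
        return False, "bad signature"
    if ip != remote_ip:
        return False, "ip mismatch"
    age = (time.time() if now is None else now) - int(ts)
    if age < 0 or age > MAX_AGE:
        return False, "expired or future timestamp"
    return True, "ok"
```

A valid set of fields can still be replayed from the same address until it expires, so this raises the cost of blind posting rather than preventing scripted submissions outright.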
