form security

Guest
Mar 10, 2007
I use Dreamweaver 8 and use a lot of forms to have information filled in by web users emailed to me. I have a hosting service (idmi.net) telling me that my forms are not secure from spammers and must meet the following guidelines:

(email form server host) Please take a look at the following guidelines for putting a form on our servers. We cannot teach our customers how to secure their forms because: 1. This is a service we sell, 2. It will take time from our developers to help you fix your forms for which we won’t be reimbursed. Please take a look at the guidelines below. All forms on our servers must comply with these guidelines. If not, we will be forced to remove them from our servers. If they are reposted, we will be forced to remove FTP access to make changes to the site. Our primary job is to keep our servers safe for all of our customers.



1. No generic form processing scripts can be used. Each form on your web site must have its own code (php, asp, asp.net) to process the results.

2. Submit e-mail is hidden in code to prevent it from being harvested by email bots.

3. At least one field must be required as input to prevent meaningless submissions.

4. All variables are sanitized, scrubbed, and trimmed to prevent any form of malicious injection. Make sure that all e-mail header fields are protected.

5. All input fields have maximum lengths defined and enforced by code (php/asp/asp.net) and not just JavaScript.

6. If email fields are accepted, they must be validated. Full validation is not required (i.e. the address or domain actually exists), but they must be a valid e-mail address.

7. Encode all variables sent via QueryString parameters that will be used in form inputs.

8. Use Stored Procedures and variables if writing to a text file or database.

9. Referring page checks can be eliminated because this is easily spoofed.



For more information please view the following reference:



http://www.anders.com/projects/sysadmin/formPostHijacking/

http://computerbookshelf.com/email_injection/

I am not sure where I am not secure?

Thanks for any help

TOPICS
Server side applications
LEGEND
Mar 10, 2007
jim balthrop wrote:
> I use Dreamweaver 8 and use a lot of forms to have information filled in by
> web users emailed to me. I have a hosting service (idmi.net) telling me that
> my forms are not secure from spammers and must meet the following guidelines:

It looks as though you're using a WebAssist extension, so I suggest you
contact the WebAssist forum for advice.

--
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/
Guest
Mar 10, 2007
I do use Web Assist and also use Dreamweaver 8. I am looking for a correct answer anywhere I can find it. Solving this spammer problem and spreading the ability to solve this problem is beneficial to all that use the internet.

Thanks for any help
jim balthrop
LEGEND
Mar 10, 2007
jim balthrop wrote:
> I do use Web Assist and also use Dreamweaver 8. I am looking for a correct
> answer anywhere I can find it. Solving this spammer problem and spreading the
> ability to solve this problem is beneficial to all that use the internet.

Dreamweaver doesn't have any built-in capability to solve spam. Perhaps
it should, but it doesn't. Why not submit an enhancement request to the
Dreamweaver development team?

http://www.adobe.com/cfusion/mmform/index.cfm?name=wishform

As for finding out whether there is any problem with the WebAssist
extension you're using (and I'm not saying there is), WebAssist is the
place to ask.

--
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/
Guest
Mar 11, 2007
Thanks David. I have submitted a request for enhancement to Adobe for DW. It is something that I would purchase. (I hate spam).
I have also submitted a technical support incident to Web Assist.

Jim Balthrop
Participant
Mar 17, 2007
You could just use CAPTCHA: http://www.captcha.net/. Also, check out Adobe Romania for their product offering.
Explorer
Apr 25, 2007
Jim,

I also use Web Assist's Universal Email tool and am concerned about spam. Would you mind sharing what the Web Assist response was to your technical support incident?

Monty
Guest
Apr 25, 2007
The Web Assist tech support concerning Universal Email did not really help my specific situation. What I found out about my form security in the end had more to do with validation than anything else. I was using only JavaScript validation and not server-side validation. I started using Web Assist server validation and Show If validation and learned how that would satisfy the host server's concern about form security. The validation required proper form submission before any submit would occur and trigger the Universal Email, thus eliminating the concern of spam hijacking of the server through Universal Email scripts.
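
The server-side checks the host's guidelines in the first post ask for (a required field, maximum lengths enforced in code, e-mail syntax validation, protected mail header fields), which is the kind of server-side validation the post above describes moving to, shown in PHP. This is an added example, not part of the thread and not WebAssist's code; the field names, length limits and recipient address are assumptions.

```php
<?php
// Added example: server-side checks for one specific contact form.
// Field names, length limits and the recipient address are assumptions.
const RECIPIENT = 'owner@example.com'; // placeholder; lives only in server code
const LIMITS = ['name' => 80, 'email' => 254, 'message' => 2000];

function validate_contact(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (LIMITS as $field => $max) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {  // e.g. name[]=x arrives as an array
            $errors[$field] = 'invalid';
            continue;
        }
        $value = trim($value);
        if ($value === '') {
            $errors[$field] = 'required';
        } elseif (strlen($value) > $max) {  // enforced here, not only via maxlength/JS
            $errors[$field] = 'too long';
        } elseif ($field !== 'message' && preg_match('/[\r\n]/', $value)) {
            // A CR or LF in a value placed in a mail header would start a new header.
            $errors[$field] = 'line break not allowed';
        }
        $clean[$field] = $value;
    }
    if (!isset($errors['email'])
        && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
    }
    return [$clean, $errors];
}

// Constructed sample submissions: one normal, one with a line break in the e-mail field.
$samples = [
    ['name' => 'Testing Form', 'email' => 'pat@example.org', 'message' => 'Please set up an account.'],
    ['name' => 'Testing Form', 'email' => "pat@example.org\r\nBcc: other@example.net", 'message' => 'hi'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_contact($post);
    if ($errors) {
        echo 'rejected: ' . json_encode($errors) . "\n";
        continue;
    }
    // Only validated values reach the mail step; recipient and subject stay fixed.
    $headers = 'Reply-To: ' . $clean['email'];
    echo 'would call mail() for ' . RECIPIENT . ' with "' . $headers . "\"\n";
}
```

Because these checks run on the server, they still apply when a client skips the page's JavaScript and posts to the form handler directly.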
Explorer
Apr 25, 2007
Jim,

Thank you so much for your reply. You said you started using Web Assist server validation and show if validation. If you could tell me how to do those things, or where I can find Web Assist instructions for those, I would be most grateful.

Monty
Guest
Apr 25, 2007
The product I use is Web Assist Validation Toolkit, which was part of Super Suite. It has client-side validation, which is JavaScript tags, but the more secure use is the server-side validation under Dreamweaver > Application > Server Behaviors. With the product are tutorials, which were fairly easy to learn. Find them under Help > Web Assist > Validation Toolkit; I use Dreamweaver 8, so all of this is an extension of Dreamweaver.

Here is a customer sign-up form that was not secure before I started using the Validation Toolkit and now is OK according to my host server. It uses Dreamweaver Insert Record to send the information to an Access database, and it uses Universal Email to send me an email with the form information and to let me know I have a new customer to set up in our business software.
You can play around with the form and even go to completion; just put testing form as the customer name.
http://www.prcleaningsupply.com/homepage/setupacct.asp
Explorer
Apr 25, 2007
Thank you, Jim.

Looks like I may need to buy more Web Assist products.

Monty
Guest
Apr 25, 2007
You can buy the Validation Toolkit separately.

Jim