For the first time, I am doing a CF application for the internet... previously I had the luxury of only working on intranets with a captured, accountable audience, so security wasn't a huge issue.
I've written an application that is an adoption application split into 9 pages. The error checking is in one file and the page number is passed in the url. Now it occurs to me that there is nothing stopping a user from changing the page number and jumping ahead in the process.
I know I use the CGI.HTTP_REFERER to check for this, in fact I remember using it to stop a 'rebel' intranet user, but I'm no longer at that place of business and don't have access to that code. I've googled CGI.HTTP_REFERER but can't seem to find what I'm looking for.
thanks!
Stephanie
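
Added example, not part of the original post: the header behind CGI.HTTP_REFERER is supplied by the browser and can be missing or changed, so this CFML example instead keeps the highest step that passed error checking in the session and refuses any page number beyond the next one. It assumes session management is enabled for the application; `url.page`, `apply.cfm`, `session.lastValidStep` and `formIsValid` are hypothetical names.

```cfml
<!--- Added example: server-side gate for a 9-page form.
      url.page, apply.cfm, session.lastValidStep and formIsValid are
      hypothetical names; session management is assumed to be enabled. --->
<cfset totalSteps = 9>

<!--- Highest step that has already passed error checking in this session --->
<cflock scope="session" type="exclusive" timeout="5">
    <cfparam name="session.lastValidStep" default="0">
    <cfset lastValidStep = session.lastValidStep>
</cflock>

<!--- The page number in the URL is untrusted input: digits only, 1..totalSteps --->
<cfparam name="url.page" default="1">
<cfif NOT reFind("^[0-9]{1,2}$", url.page)>
    <cfset url.page = 1>
</cfif>
<cfset requestedStep = int(url.page)>
<cfif requestedStep LT 1 OR requestedStep GT totalSteps>
    <cfset requestedStep = 1>
</cfif>

<!--- Earlier steps may be revisited; the furthest reachable step is the one
      right after the last validated step --->
<cfset nextAllowed = min(lastValidStep + 1, totalSteps)>
<cfif requestedStep GT nextAllowed>
    <!--- Record the attempt for later review, then send the user back --->
    <cflog file="adoptionForm" type="warning"
           text="Step skip refused: requested #requestedStep#, allowed #nextAllowed#">
    <cflocation url="apply.cfm?page=#nextAllowed#" addtoken="no">
</cfif>

<!--- In the error-checking file: advance the session marker only after the
      submitted step validates. formIsValid stands in for the existing checks. --->
<cfparam name="variables.formIsValid" default="false">
<cfif formIsValid AND requestedStep GT lastValidStep>
    <cflock scope="session" type="exclusive" timeout="5">
        <cfset session.lastValidStep = requestedStep>
    </cflock>
</cfif>
```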