Hi I'm after a bit of help and/or advice please
We have a very old (but stable) asp 3.0 website which uses JavaScript to do an auto forms submission to a 3rd party. They in turn do some processing then pass control back where based on the parameters received we trigger downstream processing (i.e a payment..)
We believe that someone may be "interfering" with this process by disabling JavaScript halting the forms submission and then submitting their own modified form back to us and triggering a successful transaction but bypassing the payment system...
Weve tried putting in checks for JavaScript enabled, validating http referrers etc but still no luck (as browsers such as FF can disable this)
Any suggestions as to how we may stop/block this sort of behaviour and enhance the protection of this site? (Please note changing from ASP is not currently an option and we'd prefer a zero cost option.....(I know but not my specifications..))
Thanks
We have a very old (but stable) asp 3.0 website which uses JavaScript to do an auto forms submission to a 3rd party. They in turn do some processing then pass control back where based on the parameters received we trigger downstream processing (i.e a payment..)
We believe that someone may be "interfering" with this process by disabling JavaScript halting the forms submission and then submitting their own modified form back to us and triggering a successful transaction but bypassing the payment system...
Weve tried putting in checks for JavaScript enabled, validating http referrers etc but still no luck (as browsers such as FF can disable this)
Any suggestions as to how we may stop/block this sort of behaviour and enhance the protection of this site? (Please note changing from ASP is not currently an option and we'd prefer a zero cost option.....(I know but not my specifications..))
Thanks