Creating your own form.

XML, Perl, Python, and other languages can be discussed here, even if it isn't PHP (We might forgive you).

Moderator: General Moderators

Post Reply
User avatar
JellyFish
DevNet Resident
Posts: 1361
Joined: Tue Feb 14, 2006 7:18 pm
Location: San Diego, CA

Creating your own form.

Post by JellyFish »

Okay lets say there is a front-end and a back-end of this form. What I mean when I say front-end and back-end is that there are two pages, one is a form with text input fields for the client to input, and the other is a script that takes the information and parses for errors and submits it to the database.

Now that you have the picture. I was wondering if it's possible to someone to create the front-end script on there own server. For instance:

Someone at google.com makes the two front and back-end scripts and uploads them to their server. They place the action attribute to equal "sumbitform.php".
Then someone at yahoo.com sees this and says "Mmm." then makes a front-end script, places it on their server, with the action attribute set to "http://www.google.com/submitform.php".

So you see what I am getting at?

So is this possible?
Last edited by JellyFish on Tue Jul 25, 2006 9:55 pm, edited 1 time in total.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

yes... but most sites protect against it.

EDIT: Actually no they don't... but they should.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Yeah, it's easily done and done a lot. So long as the destination follows the common sense of validation and verification, there's nothing to protect against further really.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

sites like mapquest probably expect it.

(Feyd: There are definately cases where this would need to be protected against... ie: signing up a new user from another site... right?)
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

in cases where it would need to be protected against...you could do a challenge response.
User avatar
JellyFish
DevNet Resident
Posts: 1361
Joined: Tue Feb 14, 2006 7:18 pm
Location: San Diego, CA

Post by JellyFish »

Yeah I agrees with what ninja says. What if someone created a front-end that kinda floods the the posts to the database. This is one of the reasons why yahoo, google, msn and many sites put the picture thingy, that has the numbers and sometimes letters and visa versa, that require you to submit the right description provided in the picture.

I might add that I meant a form using the post method not get cause I already know that the get method you just simple add the right variables in the url, such as googles "q=yeahyeah", which I think the q stands for quary not sure.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

As I already said, so long as the destination performs the common sense of validation and verifications, there's little to protect against as there's little that would change for it. Now, if the page is improperly coded, which many likely are, you would need to be more worried.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

feyd - I just realized I mis-read your original post. :oops:
Post Reply