Forms and security


Guest

Hi all,
I have a site up with forms where people fill in their personal information
to be put on file at our office. I have recently learned that by entering
the web address directly (www.hg/form - for example) there is a breach in
security. When clients enter this way and submit, they see a file with every
entry ever made online and have access to other people's personal
information. When they follow the links through the site however, the form
works normally. How do I keep this from happening? Please help!
 
Then your form is coded incorrectly to start with, as the data entered by others shouldn't ever be
seen by others completing a form. This is another good reason for not storing the data in text
files on the web site.

No one can help you without having access to your form code. Can you paste the code in a post and
remove any reference to your domain?

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
If you feel your current issue is a result of installing
a Service Pack or security update, please contact
Microsoft Product Support Services:
http://support.microsoft.com
If the problem can be shown to have been caused by a
security update, then there is usually no charge for the call.
==============================================
 
Thomas,

Thank you for the generous offer to look over the code! I am a newbie, and
did not use code to design the site so it does nothing for me to look at it.
It is very extensive though (over 950 lines). Is there something in
particular I can look for, and just copy and paste that part? Or do you need
the whole thing? Thanks again!
 
For a start, paste the part of the form where <form... say about 10 lines.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
 
Or post a real URL to the form online

--

_____________________________________________
SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
"Warning - Using the F1 Key will not break anything!" (-;
To find the best Newsgroup for FrontPage support see:
http://www.frontpagemvps.com/FrontPageNewsGroups/tabid/53/Default.aspx
_____________________________________________


 
Thomas, please let me know if this is what you were referring to:
<form method="POST" action="--WEBBOT-SELF--"
onsubmit="location.href='_derived/nortbots.htm';return false;"
language="JavaScript" name="FrontPage_Form1" webbot-onSubmit="return
FrontPage_Form1_Validator(this)">
<!--webbot bot="SaveResults" U-File="_private/form_results.csv"
S-Format="TEXT/CSV" S-Label-Fields="TRUE" B-Reverse-Chronology="FALSE"
S-Email-Format="TEXT/PRE" S-Email-Address="(e-mail address removed)"
B-Email-Label-Fields="TRUE" B-Email-Subject-From-Field="FALSE"
S-Email-Subject="Database" S-Date-Format="%d-%b-%Y" S-Time-Format="%I:%M %p"
S-Builtin-Fields="Date Time" U-Confirmation-Url="thankyou.htm" startspan
--><input TYPE="hidden" NAME="VTI-GROUP" VALUE="0"><!--webbot
bot="SaveResults" i-checksum="43374" endspan -->

Thanks again, hope to hear from you soon!
 
Yes, I see nothing wrong with the code you pasted, but you are saying the users are being directed to
the "_private/form_results.csv" file after submitting the form when they click a link directly to
the form, correct? If so, then your web host doesn't have the FP extensions configured correctly
and/or the permissions are set wrong on the server by the web host.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
==============================================
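
Added example, not part of the thread or any poster's code: a Python audit that reads FrontPage form source, finds every SaveResults webbot, and reports which results file each form writes to and whether that file sits inside the site tree. The page path passed in and the rule that U-File is resolved relative to the page's folder are assumptions.

```python
import posixpath
import re

# Abridged from the form source posted in the thread above.
POSTED_FORM = '''<form method="POST" action="--WEBBOT-SELF--" name="FrontPage_Form1">
<!--webbot bot="SaveResults" U-File="_private/form_results.csv"
S-Format="TEXT/CSV" S-Label-Fields="TRUE" B-Reverse-Chronology="FALSE"
S-Email-Address="(e-mail address removed)"
U-Confirmation-Url="thankyou.htm" startspan
--><input TYPE="hidden" NAME="VTI-GROUP" VALUE="0"><!--webbot
bot="SaveResults" i-checksum="43374" endspan -->'''

WEBBOT = re.compile(r"<!--\s*webbot\s+(.*?)-->", re.I | re.S)
ATTR = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')


def save_results_bots(html):
    """Attribute dicts of every SaveResults webbot comment that names a U-File."""
    bots = []
    for body in WEBBOT.findall(html):
        # Lower-case the names and collapse whitespace from wrapped lines.
        attrs = {k.lower(): " ".join(v.split()) for k, v in ATTR.findall(body)}
        if attrs.get("bot", "").lower() == "saveresults" and "u-file" in attrs:
            bots.append(attrs)
    return bots


def audit_page(page_path, html):
    """page_path: the page's path relative to the web root (caller-supplied)."""
    findings = []
    for attrs in save_results_bots(html):
        # Assumption: U-File is resolved relative to the folder holding the page.
        folder = posixpath.dirname(page_path)
        target = posixpath.normpath(posixpath.join(folder, attrs["u-file"]))
        parts = target.split("/")
        findings.append({
            "page": page_path,
            "results_file": target,
            "format": attrs.get("s-format", ""),
            # True when submissions accumulate in a file under the web root.
            "inside_site_tree": parts[0] not in ("..", ""),
            "in_private_folder": "_private" in parts,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_page("form.htm", POSTED_FORM):
        print(finding)
```

Each file reported with `inside_site_tree` set is one to raise with the web host, so that it is either stored outside the site or confirmed not to be readable by visitors.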
 