This forum is no longer open and is for reading/searching only.
Please use our new MachForm Community Forum instead.
MachForm Community Forums » MachForm 2
Some security questions
Started 16 years ago by Pangdene | 5 posts |
-
Hi,
can you please confirm that MachForm prevents SQL injection attacks and also email header injections attacks?
Thanks!
P :)Posted 16 years ago # -
yuniar
Yes, MachForm has an extensive filtering and validation function, which automatically applied to all your form submission data to prevent those attacks.
MachForm also using a secure and reliable email library to send email.
MachForm Founder
Posted 16 years ago # -
Great!
Thanks
P :)Posted 16 years ago # -
This prevention does not appear to be that secure. I have a site that I've just added MachForm to and a spammer has successfully inserted spam code into the "Comments" field on an automatic basis.
Is there a way with MachForm to prevent a comments field from having "http:" in it? I think that would stop 90% of the attacks of this nature.
The e-mail headers that are being generated do not show the originating IP address for the spammer and they all have unique, and invalid, email addresses. They all have a link back to another unique url, also invalid.
Posted 16 years ago # -
yuniar
Hi ernest,
I think we're referring to different subjects here.
My post above was meant for sql injection attack and email header injection attack, not spam.
If your form is being targeted by spam bots, you will need to turn on Spam Protection (CAPTCHA). Click on form properties tab and enable it from there.
MachForm Founder
Posted 16 years ago #
Reply
You must log in to post.