All things TrackVia!
Read, write, comment.
Post
- web form security
488 Views, 
2 CommentsTitle:web form securitySummary:Hi,
I have created a publicly accessible web form for data submission to one of my TrackVia databases. Is there any way to secure the database from any 'un-authorized', ie not through my web site, or automated data submission? I am imaging that someone could 'view source' on the offical web page and get all the field names, and datasetid and securitycode and then create either their own web page or an automated script to submit data. I am perhaps being overly paranoid, but is there any way to prevent that type of abuse of or attack on my database?
Thank you.
Comments
- posted 11/04/08 by Matt Strenz
Let me first say that we have not had any of our customers experience any issues with their forms getting "hijacked". If you do experience this we can change the security code at any time to stop an automated script from being able to spam your database with form submissions. Also, we have plans to add a capcha feature to TrackVia which would prevent a bot from submitting entries as a person would have to enter the correct code displayed in an image. As we make enhancements to TrackVia we will be releasing a new website forms tool that will make our forms much more dynamic. When we release the new form tool, we will take the necessary steps to prevent this issue. This is on our roadmap; however we do not have a set date of when this will be available.
- posted 11/04/08 by tom
Hi Matt.
Thanks for your response. I have no reason to think that anyone would want to or has tried to hijack my data submission forms. I was just being paranoid.
Is there anyway to restrict data submission by URL - if the submission comes from any URL other than the one I specify, the submission is ignored? It seems like the combination of security code and URL could stop much of the 'hijacked' data from getting into the database.
Thanks again.