Best option to secure a form

Adun
Joomla! Apprentice
Posts: 17
Joined: Thu Nov 28, 2013 9:26 pm

Best option to secure a form

Post by Adun » Sun Apr 06, 2014 9:15 am

Hello Everyone,

I'm back with another question :).
I'm wondering what is the best option to secure the sending of the form.

1- The captcha:

I dislike this option. It's very difficult to include in my template... The result is very ugly, and even for the user the captcha is unreadable most of the time.

2- The hidden field:

I think that it's a smart option.
I add a hidden text input into my form. It's defined as invisible in the CSS file.

Code:

<input name="test" class="testInvisible" type="text" />

Before sending the form, I check the value of this field. If the value is not null, it means that the form has been filled in by a non-human.


What do you think? Do you have other options?
For me, option 2 is good because it's not visible to the user.

jratunh21
Joomla! Guru
Posts: 651
Joined: Thu Oct 12, 2006 10:55 pm
Location: CT (USA)

Re: Best option to secure a form

Post by jratunh21 » Mon Apr 07, 2014 7:40 pm

I'd go with the captcha my friend. Just use a different captcha lol
http://www.letmefixthatforyou.com
http://vel.joomla.org/ [Joomla's Vulnerable Extension List]
"When in doubt, just ask Google"

RedEye
Joomla! Ace
Posts: 1460
Joined: Sat Jan 21, 2006 8:42 pm

Re: Best option to secure a form

Post by RedEye » Wed Apr 09, 2014 4:32 pm

Adun wrote:
> 2- The hidden field:
>
> I think that it's a smart option.
> I add a hidden text input into my form. It's defined as invisible in the CSS file.
>
> <input name="test" class="testInvisible" type="text" />
>
> Before sending the form, I check the value of this field. If the value is not null, it means that the form has been filled in by a non-human.

That is everything, but not a smart option!
Do you really think that bot coders are stupid idiots?
Coders can not only write code, they also can read it ;) and by reading yours they would notice that this field is not used...

1. every one of your forms should include <?php echo JHtml::_('form.token'); ?>
2. use captcha if you like

Adun
Joomla! Apprentice
Posts: 17
Joined: Thu Nov 28, 2013 9:26 pm

Re: Best option to secure a form

Post by Adun » Wed Apr 09, 2014 8:39 pm

Hello RedEye and thanks for your answer.
> Coders can not only write code, they also can read it

You are right, but I think most of them (>99%) do not explore the CSS file. That's why I was using the class parameter. Apparently this method is quite efficient.

> 1. every one of your forms should include <?php echo JHtml::_('form.token'); ?>

From my understanding, this line protects against attacks of the type "Cross-site request forgery" (CSRF). So it's important, but it does not protect against form-filling bots.

What do you think?
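
Added example (not part of any post in this thread, and not Joomla's own code): a plain-PHP sketch of a handler that applies both controls discussed above, the anti-CSRF token and the hidden "test" field, to four constructed submissions. The function names and the "token" field name are assumptions made for illustration; in Joomla 3.x the token half is `JHtml::_('form.token')` in the form and `JSession::checkToken()` in the handler.

```php
<?php
// Added example: plain PHP with constructed data. check_submission(), new_token()
// and the "token" field name are hypothetical; "test" is the hidden field from the thread.

function new_token(): string
{
    // Per-session random value, stored server-side and echoed into the form.
    return bin2hex(random_bytes(16));
}

function check_submission(array $post, string $sessionToken): string
{
    // 1. Anti-CSRF token: the POST must carry the value issued to this session.
    $sent = (isset($post['token']) && is_string($post['token'])) ? $post['token'] : '';
    if (!hash_equals($sessionToken, $sent)) {
        return 'rejected: invalid token';
    }
    // 2. Hidden field: a browser submits it empty; a filled or absent field
    //    means the form was not completed through the rendered page.
    if (!array_key_exists('test', $post) || $post['test'] !== '') {
        return 'rejected: hidden field filled or missing';
    }
    return 'accepted';
}

// Constructed sample submissions, all checked against the same session token.
$token = new_token();
$cases = [
    'visitor using the page'      => ['token' => $token, 'test' => '',  'msg' => 'hi'],
    'cross-site POST, no token'   => ['test' => '', 'msg' => 'hi'],
    'script filling every field'  => ['token' => $token, 'test' => 'x', 'msg' => 'spam'],
    'script leaving "test" empty' => ['token' => $token, 'test' => '',  'msg' => 'spam'],
];
foreach ($cases as $name => $post) {
    printf("%-30s %s\n", $name, check_submission($post, $token));
}
```

The last constructed case passes both checks, which is the limit of the hidden field raised in the thread. The token check and the hidden field address different problems (CSRF versus automated filling), so neither replaces the other.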

