in reply to newb: Best way to protect CGI from non-form invocation?

I recently read a blog entry on "The Coding Horror" (http://www.codinghorror.com/blog/archives/000712.html) in which the blogger (Jeff Atwood) explained that he had added an extremely low-tech captcha to his submission form-- the same jpg every time. He finds that for his purposes, this works-- it stops 99.9% of his comment spam in his blog, simply because there is a captcha.

Granted, it may not be the most sophisticated method, but why not try this before you shell out for a high-powered solution?

Re^2: newb: Best way to protect CGI from non-form invocation?
by JCHallgren (Sexton) on Feb 05, 2007 at 22:58 UTC
    Given that I'm using a website host that would seem to be quite flexible in what options I can have...to the point where they are WAY beyond my skills...back to one original point: Is there something that can be set EXTERNAL to my CGI that would prevent its execution when a POST buffer greater than 3K is passed to it? So that my CGI would never have to deal with data and also prevent DOS(?) attacks?
      You should probably take a look at this. It has a lot of helpful tips, along with answering your question in the first entry.
        It was AFTER reading that section/page that I came up with my question! So it did NOT answer it, but helped cause question...as I'm not using CGI.pm, for various reasons (which experts here will likely disagree with) that I could not see how it would handle my data in the way that I needed to...so need some info on what methods might work when not using the standard routines, ok?
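
An added example, not part of any post in this thread: one way a hand-rolled CGI script that does not use CGI.pm can refuse an oversized POST before it reads any of the body. The 3K cap comes from the question; the helper names `check_request` and `read_body` are hypothetical. This guard runs inside the script, so the server still starts the process for each request.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed cap taken from the question (3K); adjust to the form's real needs.
use constant MAX_POST_BYTES => 3 * 1024;

# Decide from the CGI environment alone whether the body may be read.
# Returns (HTTP status, reason); 200 means "go ahead and read".
sub check_request {
    my ($env) = @_;
    my $method = $env->{REQUEST_METHOD} // '';
    return (405, 'Method Not Allowed') unless $method eq 'POST';
    my $len = $env->{CONTENT_LENGTH};
    # No usable length (missing, or not plain digits): refuse, never read to EOF.
    return (411, 'Length Required')
        unless defined $len && $len =~ /\A[0-9]{1,9}\z/;
    return (413, 'Request Entity Too Large') if $len > MAX_POST_BYTES;
    return (200, 'OK');
}

# Read exactly the declared number of bytes, never more.
sub read_body {
    my ($fh, $len) = @_;
    my ($buf, $got) = ('', 0);
    while ($got < $len) {
        my $n = read($fh, $buf, $len - $got, $got);
        last unless $n;    # EOF or error: client sent less than it declared
        $got += $n;
    }
    return $got == $len ? $buf : undef;
}

my ($status, $reason) = check_request(\%ENV);
if ($status != 200) {
    print "Status: $status $reason\r\nContent-Type: text/plain\r\n\r\n$reason\n";
    exit 0;
}
binmode STDIN;
my $body = read_body(\*STDIN, $ENV{CONTENT_LENGTH});
unless (defined $body) {
    print "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nShort body\n";
    exit 0;
}
print "Status: 200 OK\r\nContent-Type: text/plain\r\n\r\n";
print "Accepted ", length($body), " bytes\n";
```

For a limit enforced before the script is ever started, the web server has to apply it; if the host runs Apache (an assumption, the thread does not say), the core `LimitRequestBody` directive takes a byte count and can be set per directory or in `.htaccess` where the host allows it.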