ChronoForms 5 under Joomla 3.8.0 - possible cause of phishing?

maqroll71 03 Oct, 2017
Hello,
I have used ChronoForms 5 for 3 different sites this year and it all worked well. However, today the host of one of the sites informed me that they had to temporarily close the site because "the site has been victim of an intrusion and it started to generate illicit traffic". The site runs on Joomla 3.8.0. The host was not able to give more information on what the cause may have been (and I do not have the knowledge to verify it myself), but they said that plugins can sometimes have some vulnerabilities. I have already set up the site and I plan to move to CF 6, but I wanted to ask if you are aware of similar cases for CF5 and if you have any advice on things that I should or should not do when installing and creating CF6 (or 5) forms. Very likely I plan to buy the full version if I upgrade to CF6.
Thank you and best regards
GreyHead 04 Oct, 2017
Hi maqroll71,

Use serverside validation to validate and sanitise the submitted data before saving it to a database table (or doing anything much else).

Validation checks that the data is the correct expected format e.g an email address is an email address.

Sanitisation checks the data for any malicious or unwanted content.

See here for more info

Bob
maqroll71 04 Oct, 2017
Thank you very much, Bob. It may be a dumb question (I'm no expert), but are these operations you suggest doable directly from ChronoForms 6 while setting up a form? I know about validation (and I think I've always turned it on for email addresses from the form designer) but I do not know about sanitisation. I see the code lines in the link you suggested but I do not know where I can input those lines. Is it something that requires professional knowledge?
Or when you say "server side" does it mean it's something that should be done by the website host?
Thanks!
GreyHead 05 Oct, 2017
Hi maqroll71,

First - be clear that the JavaScript client-side validation that you turn on for email addresses etc. does 'nothing' to protect the site from malicious content. A malicious spammer will probably have JavaScript disabled and so bypass the checks. What client-side validation is invaluable for is helping your real users enter their data cleanly and correctly.

Server-side validation and sanitisation are done on the server after the form submits.

ChronoForms v6 has two server-side validation actions that can help you with that step - please see pp 13 & 14 of the manual.

That does not do sanitisation e.g. checking text input and text area content - you can do that using Custom PHP. Please see this FAQ for more info, the syntax will be a bit different in CFv6 but the approach is the same.

Bob
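The following is an added example of the server-side validation and sanitisation step that Bob describes in both of his replies above. It is not ChronoForms' own code and not from the manual or FAQ he links to; it assumes the submitted fields arrive as a plain associative array (in a ChronoForms v5 Custom PHP action that array is normally `$form->data`; as Bob notes, the v6 syntax differs) and the field names `name`, `email`, `subject` and `message` are made up for the illustration. It goes slightly beyond the thread by also guarding single-line fields against CR/LF, because a contact form that passes an unchecked address into an e-mail header is a common way such forms end up relaying spam.

```php
<?php
// Added example (not ChronoForms code): validate and sanitise a contact-form
// submission on the server, after the form submits. Assumes the submitted
// values are in an associative array, e.g. $form->data in a CFv5 Custom PHP action.
declare(strict_types=1);

/**
 * Validate and sanitise a submission. Returns [$clean, $errors].
 * Only fields listed in $rules are kept (allow-list), so an attacker cannot
 * smuggle extra fields into the e-mail or the database table.
 */
function validateSubmission(array $input): array
{
    $rules = [
        'name'    => ['max' => 100,  'required' => true],
        'email'   => ['max' => 254,  'required' => true, 'email' => true],
        'subject' => ['max' => 150,  'required' => false],
        'message' => ['max' => 4000, 'required' => true, 'multiline' => true],
    ];
    $clean  = [];
    $errors = [];

    foreach ($rules as $field => $rule) {
        $value = $input[$field] ?? '';
        if (!is_string($value)) {            // arrays/objects are never expected here
            $errors[$field] = 'invalid type';
            continue;
        }
        // Normalise: drop NUL bytes and surrounding whitespace.
        $value = trim(str_replace("\0", '', $value));

        // Header-injection guard: a single-line field must not contain CR/LF,
        // otherwise "x\r\nBcc: victim@example.net" becomes an extra mail header.
        if (empty($rule['multiline']) && preg_match('/[\r\n]/', $value)) {
            $errors[$field] = 'line breaks not allowed';
            continue;
        }
        if ($rule['required'] && $value === '') {
            $errors[$field] = 'required';
            continue;
        }
        if (mb_strlen($value) > $rule['max']) {
            $errors[$field] = 'too long';
            continue;
        }
        if (!empty($rule['email']) && $value !== ''
            && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$field] = 'not a valid e-mail address';
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

/** Escape a value for output in an HTML page or HTML e-mail body. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample input imitating a hostile submission (not real data).
$submitted = [
    'name'     => 'Alice',
    'email'    => "alice@example.com\r\nBcc: everyone@example.net", // header injection
    'subject'  => str_repeat('A', 500),                              // oversize
    'message'  => '<script>alert(1)</script> Hello',                 // HTML/JS in text
    'redirect' => 'http://evil.example/',                            // unexpected field, dropped
];

[$clean, $errors] = validateSubmission($submitted);

if ($errors) {
    // In a form action, stop here and show the errors instead of sending or saving.
    print_r($errors);
} else {
    // $clean is safe to pass to a parameterised DB insert, and $clean['email']
    // can be used as a single mail header value.
}

// Escape at output time rather than at storage time, so stored data stays intact.
echo h($clean['message'] ?? ''), PHP_EOL;
```

Two points worth noting when adapting this: the allow-list of field names is what actually stops unexpected parameters from reaching the e-mail or the table, and escaping is done when the value is rendered (with `h()`), not when it is stored, so the same stored text can later be emitted safely into HTML, a plain-text mail or a CSV export.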