Securing email forms

 
Ranch Hand
Posts: 126
Hi,

First off, I'd like to apologise if this isn't the appropriate forum to present my problem. Basically, I have a form on a JSP page that posts email information to a servlet that sends email using JavaMail.

My problem is that it's just a form, and there is nothing to prevent the form from being abused. The destination email address is fixed and only known to the servlet; I'm mainly concerned about people sending mass email through this form with no way of preventing it.

I was thinking of making a verification image, perhaps by using JCaptcha, and was wondering if that was the best way to go about securing a form like this? Or, are there easier alternatives to get the job done?

Thanks,
Jason
 
Sheriff
Posts: 13411
You'd have to tell us a little more about how the form is used.

Do users have to be logged in to use it?
If so, all you would need to do is verify that they have a valid session.

Can they enter email addresses directly or are you getting the email addresses from a database on the back end?

The more we know about your requirements the more likely we will be to be able to give you good advice.
 
Rancher
Posts: 43081
That sounds like a "contact me" page on a public web site, correct? In that case, a captcha should be sufficient to cut down on automatically sent mails.
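An added example, not part of the original thread and not JCaptcha's API: one way a mail servlet could check a captcha answer without keeping a session, by putting an HMAC-signed challenge token in a hidden form field. The class name `CaptchaToken`, the token layout and the demo key are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Locale;

/** Hypothetical helper (not from the thread): captcha check without a server-side session. */
public class CaptchaToken {
    private final byte[] key; // server-side secret, never sent to the browser
    public CaptchaToken(byte[] key) { this.key = key.clone(); }

    /** Hidden-field value for the form; answer is the text drawn in the captcha image. */
    public String issue(String answer, long expiryMillis) {
        return expiryMillis + "." + mac(answer, expiryMillis);
    }

    /** The mail servlet calls this before sending anything. */
    public boolean verify(String token, String typedAnswer, long nowMillis) {
        if (token == null || typedAnswer == null) return false;
        int dot = token.indexOf('.');
        if (dot <= 0) return false;
        long expiry;
        try { expiry = Long.parseLong(token.substring(0, dot)); }
        catch (NumberFormatException e) { return false; }
        if (nowMillis > expiry) return false; // challenge expired
        byte[] expected = mac(typedAnswer, expiry).getBytes(StandardCharsets.US_ASCII);
        byte[] supplied = token.substring(dot + 1).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, supplied); // constant-time compare
    }

    private String mac(String answer, long expiry) {
        try {
            Mac h = Mac.getInstance("HmacSHA256");
            h.init(new SecretKeySpec(key, "HmacSHA256"));
            // Binding the expiry into the MAC stops a client from extending it.
            String msg = answer.trim().toLowerCase(Locale.ROOT) + "|" + expiry;
            return Base64.getUrlEncoder().withoutPadding()
                    .encodeToString(h.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    public static void main(String[] args) {
        CaptchaToken ct = new CaptchaToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis();
        String token = ct.issue("x7kq9", now + 300_000); // constructed sample challenge
        System.out.println("right answer: " + ct.verify(token, "X7KQ9", now));
        System.out.println("wrong answer: " + ct.verify(token, "aaaaa", now));
        System.out.println("after expiry: " + ct.verify(token, "x7kq9", now + 300_001));
    }
}
```

A solved token can be resubmitted until it expires, so keep the lifetime short or record tokens that have already been used.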
 
Jason Kwok
Ranch Hand
Posts: 126
Ulf is right, it's a contact page on a public website. No login is required, and as such, no sessions are maintained in any way, shape or form at this point.

The destination email is retrieved from the database, and only known internally by the mail servlet. People using this form can only provide their name, reply email address, subject and message.

The form basically is constructed as such, where Mail is my servlet:
 