 |
|||
|
FormMail.com :: Help | [ CLOSE ] | |
|
|||
| FormMail 1.92 :: Configure as Dynamic or Fixed? | |||
|
|||
You may have noticed that each configuration field in the FormMail 1.92 processor contains a select box with choices of Dynamic or Fixed. Initially, all fields are set to Dynamic with defaults designed to mimic the behavior of FormMail 1.92 as it would work if downloaded from Matt's Script Archive. Completely Optional It is fine to leave all of these fields dynamic. The ability to make them Fixed is there simply if you choose to do so for any reason. Hack Prevention One problem that some users run into when using FormMail is that they have to put all of the configuration information in the HTML source, leaving it open for anyone to see -- and also modify. Mischevious visitors are able to download your HTML form, modify some of the fields, and submit it to the FormMail processor. FormMail will then read their altered form and process it according to the rules found there. We have already taken steps to prevent these type of attacks from sending email to unauthorized users, effectively elimintaing the ability for someone else to steal your submissions for their own forms or for anyone to send spam messages. However, in some cases, they may still be able to read your configuration variables or change them if you have set these fields to dynamic. Setting any FormMail 1.92 field to Fixed means that the FormMail processor will ignore that form field configuration directive submitted with any form, and instead use the defaults you have configured. For example, suppose you want every form submission email message to contain the environment variables for the submittor's IP address and referring web page. You could set the Environment Vars field to 'REMOTE_ADDR,HTTP_REFERER' in the FormMail.com configuration and also set the field to 'Fixed'. These environment variables will now always be placed into your email, regardless of how the form is configured on your site or how a visitor has modified that form. Confused? If this seems a little over your head, you do not need to worry about it. Simply leave all of the fields Dynamic and read the detailed how-to for this form processor to learn about your options. | |||
| |||
| |||