
Securing email forms

 
Jason Kwok
Ranch Hand
Posts: 126
Hi,

First off, I'd like to apologise if this isn't the appropriate forum to present my problem. Basically, I have a form on a JSP page that posts email information to a servlet that sends email using JavaMail.

My problem is that it's just a form, and there is nothing to prevent the form from being abused. The destination email address is fixed and only known to the servlet; I'm mainly concerned about people sending mass email through this form with no way of preventing it.

I was thinking of making a verification image, perhaps by using JCaptcha, and was wondering if that was the best way to go about securing a form like this? Or, are there easier alternatives to get the job done?

Thanks,
Jason
 
Ben Souther
Sheriff
Posts: 13411
You'd have to tell us a little more about how the form is used.

Do users have to be logged in to use it?
If so, all you would need to do is verify that they have a valid session.

Can they enter email addresses directly or are you getting the email addresses from a database on the back end?

The more we know about your requirements the more likely we will be to be able to give you good advice.
 
Ulf Dittmer
Rancher
Posts: 42967
That sounds like a "contact me" page on a public web site, correct? In that case, a captcha should be sufficient to cut down on automatically sent mails.
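
Added example, not part of the thread and not JCaptcha's API: one way a mail servlet could check a captcha answer on a public form that keeps no sessions, by putting an HMAC-signed, time-limited token in a hidden field next to the image. The class name `StatelessCaptcha`, the five-minute lifetime and the token layout are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: issues and checks a captcha token without an HttpSession. */
public class StatelessCaptcha {
    private static final long MAX_AGE_MS = 5 * 60 * 1000;   // assumed token lifetime
    private final byte[] key;                                // server-side secret, never sent to the browser
    private final Set<String> used = ConcurrentHashMap.newKeySet(); // tokens already redeemed

    public StatelessCaptcha(byte[] key) { this.key = key.clone(); }

    /** Token for a hidden form field beside the captcha image: "issuedAt.mac". */
    public String issue(String expectedAnswer, long nowMs) {
        return nowMs + "." + mac(nowMs + "|" + normalize(expectedAnswer));
    }

    /** True only if the answer matches, the token is fresh, and it was not redeemed before. */
    public boolean verify(String token, String userAnswer, long nowMs) {
        if (token == null || userAnswer == null) return false;
        int dot = token.indexOf('.');
        if (dot <= 0) return false;
        long issuedAt;
        try { issuedAt = Long.parseLong(token.substring(0, dot)); }
        catch (NumberFormatException e) { return false; }
        if (nowMs < issuedAt || nowMs - issuedAt > MAX_AGE_MS) return false; // expired or future-dated
        byte[] expected = mac(issuedAt + "|" + normalize(userAnswer)).getBytes(StandardCharsets.UTF_8);
        byte[] given = token.substring(dot + 1).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return false;           // constant-time compare
        return used.add(token);                                              // false when replayed
    }

    private static String normalize(String s) { return s.trim().toLowerCase(Locale.ROOT); }
    private String mac(String data) {
        try {
            Mac m = Mac.getInstance("HmacSHA256");
            m.init(new SecretKeySpec(key, "HmacSHA256"));
            return Base64.getUrlEncoder().withoutPadding()
                         .encodeToString(m.doFinal(data.getBytes(StandardCharsets.UTF_8)));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

The `used` set grows until restart, so entries older than `MAX_AGE_MS` need purging in a long-running servlet. A wrong guess does not consume the token, so the captcha answer space should be large enough that guessing within the lifetime is impractical.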
 
Jason Kwok
Ranch Hand
Posts: 126
Ulf is right, it's a contact page on a public website. No login is required, and as such, no sessions are maintained in any way, shape or form at this point.

The destination email is retrieved from the database, and only known internally by the mail servlet. People using this form can only provide their name, reply email address, subject and message.

The form basically is constructed as such, where Mail is my servlet:
 