垃圾邮件机器人提交表单是否会带来安全风险? [英] Do form submissions by spam bots ever pose a security risk?
问题描述
一个垃圾邮件机器人找到了我的注册表单,并在垃圾邮件提交中填充了我的数据库.该表单是基本的asp.net注册,可创建新的成员身份用户并捕获帐户信息,例如姓名,地址,电话等.我不打算尝试输入验证码,而是打算尝试蜜罐字段.但是,我的问题不是关于预防*,而是关于安全性.垃圾邮件会构成哪些潜在风险?我已经参数化了我所有的SQL以处理明显的SQL注入内容.还有哪些其他风险?有谁知道如何使用漫游器通过网站的表单来攻击网站?什么时候垃圾邮件提交不仅仅代表垃圾邮件?
A spam bot has found my sign-up form and is filling my database with spam submissions. The form is a basic asp.net registration that creates a new membership user and captures account information such as name, address, phone, etc. Rather than implement a captcha I plan to try a honeypot field. However, my question is not about prevention* but rather about security. What potential risk does form spam pose? I already parameterize all of my SQL to handle the obvious SQL injection stuff. What are the other risks? Is anyone aware of how one might use a bot to attack a site through the site's form(s)? When do spam submissions represent more than just spam?
**以下是一些与有兴趣的人相关的帖子:*
**Here are some posts related to prevention for anyone who is interested:*
推荐答案
您可能遇到的任何安全风险均与是否批量提交表单完全无关.
Any security risks you may have are completely independent of whether the form is being submitted in bulk.
唯一的 new 安全风险与僵尸程序填满您的磁盘时发生的情况有关.
The only new security risk relates to what happens if the bots fill up your disk.
这篇关于垃圾邮件机器人提交表单是否会带来安全风险?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
