Server Side Validation
Validation
POstealth does both client side validation and server side validation. Client side validation provides a richer user experience, but it is not safe to rely on by itself in web applications. Server side validation is vital from a security standpoint. It ensures that cheaters aren't directly accessing your web service and falsely claiming to be a valid user.
How it works.
POstealth's Redirect feature does all the client side work for you. (If you want to do the client side work yourself, you can use the Client Side API to add protection directly to your site.) Server side verification starts when POstealth passes a ticket as a parameter to the URL you entered in the Redirect Preferences. For example, if you entered the following URL into the Redirect Preferences:
http://myhome.com/guestbook.htm
then POstealth will append an argument called "ticket" to that URL like this*:
http://myhome.com/guestbook.htm?ticket=XXXX
(*POstealth does not append this ticket by default for security reasons. To add the ticket to your Redirect URL please check “Server Side Validation” in your Redirect Preferences.)
You can use this ticket from your own server side processor to ask the POstealth server if the request is valid.
Asking the POstealth Server
To ask the POstealth server whether the ticket is valid, query the following URL with the given ticket (samples below):
https://www.postealth.com/Verify.aspx?action=ValidateTicket&ticket=XXXX
Successful queries will return the following XML fragment:
<PostealthValidation>
<Result>Pass</Result>
</PostealthValidation>
Unsuccessful queries will return the following XML fragment:
<PostealthValidation>
<Result>Fail</Result>
</PostealthValidation>
Restrictions
The ticket may only be queried once, so that your page cannot be abused using Back <-> Next tricks or by capturing the URL and using it elsewhere. Unused tickets expire within 20 minutes as an additional safety feature.
Samples
POstealth Server Side Validation is hardware and software independent. The three samples below are in no way exclusive. Any technology capable of processing web service requests can be used with POstealth.
C#
Python
PHP
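A Python version of the server side check described above, written as an added example and not taken from POstealth's own samples. The function names, the 256-character ticket limit, the 4096-byte response cap and the fail-closed handling of errors are assumptions of this example; the URL and the XML fragments are the ones given on this page.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

VERIFY_URL = "https://www.postealth.com/Verify.aspx"  # endpoint given on this page
MAX_BODY = 4096  # assumption: the reply is only a tiny XML fragment


def build_verify_url(ticket):
    """URL-encode the ticket so it cannot add or override query parameters."""
    query = urllib.parse.urlencode({"action": "ValidateTicket", "ticket": ticket})
    return VERIFY_URL + "?" + query


def parse_result(body):
    """Return True only for the exact Pass fragment; anything else is a failure."""
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return False  # oversized reply or unexpected DTD: do not parse it
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    if root.tag != "PostealthValidation":
        return False
    results = root.findall("Result")
    return len(results) == 1 and (results[0].text or "").strip() == "Pass"


def http_fetch(url, timeout=5):
    """Default fetcher: HTTPS GET with certificate verification and a timeout."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read(MAX_BODY + 1)


def validate_ticket(ticket, fetch=http_fetch):
    """Query the verify server for one ticket; any error counts as Fail."""
    if not ticket or len(ticket) > 256:  # assumption: tickets are short tokens
        return False
    try:
        body = fetch(build_verify_url(ticket))
    except Exception:  # transport or TLS failure: fail closed
        return False
    return parse_result(body)
```

Call validate_ticket once per incoming request, because a ticket can only be queried once, and serve the protected page only when it returns True.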