It's a form-spam trap. This will insert input fields that do not appear to "real" visitors, but "robots" will insert content into them -- and the form will error out.
Well that's an interesting piece of news - great if it works as it woll resolve certain issues I am having. Where does BC give mention to this?
Is this a 2nd level of security we should add in on top of CAPTCHA or is this an alternative to CAPTCHA? It wuld be god to know the context of using this funtion.
Thanks for the heads up FriscoTX
It is under eCommerce section so double check that it works in normal forms.
Things like Shipping address for example if you put that in a web form that is not used under the eCOmmerce layout it will do NOTHING. It will store no data anywhere in the system
I am guess the CC is for Credit card stuff. I will try touch base with support guys and find out.
If you have Firefox and the Web Developer add-on, use the "Populate Forms Fields" on such a form to see the error that gets triggered. No error when you manually complete the form.
Seems like it can work either as an alternative or a 2nd level to a CAPTCHA.
No documentation anywhere that I can find. I think this came out right around the time Adobe bought out BC. Think I asked about it either in a ticket or back in the days when they offered support webinars twice a week.
Thats part of the captcha.
That has been doing that and had the hidden field for some time.
Add captcha and try it.
I look forward to seeing what support come back with as it seems it might be helpful to understand how this really works (or doesn't work as the case may be..).
Was not in back then, as part of the captcha as I mentioned, but not the security one. Finding out for everyone what this actually is.
That module is there for CSRF protection. Youc an read more about it here http://en.wikipedia.org/wiki/Cross-site_request_forgery
If you place that module within the form tags on the page it will render a field such as this:
<input type="text" name="s_summary" id="s_summary" class="cat_textbox" value="acade4971bb94d2b936f17bc36a35ba4" style="display:none">
Thanks for the reference Mario but I am afraid I am just not technical enough to appreciate what it was trying to say. Can anyone put in simple terms whan and why we should or should not need to use this module call? It seems that the module is imortant for security but there is no explanation as to whether we should or should not use and the impact of using it. Liam alluded to this in part but it seems as though even Liam who has great answers to almost everything is a bit light on detail hear. If Liam struggles then us mere mortals are in big trouble.
Insight into this in functional terms not technical might help a lot of us out and possibly educate some of us. I am quite surprised this has not been raised elsewhere or is it just something about me?
Had a look and asked for more info.
Greg, Basically do not use it.
Something that should be on by default and half implemented in the system.
If you want to avoid spam, keep to the captcha for now.
Thanks Liam... I will just remain ignorant of this undocumented feature that should not probably be used...
There are quite a few
I don't understand why would you want to avoid using it where it is a CSRF protection. If you google CSRF protection, you'll find more explanations about it. But I guess the BC Team need to document this new feature asap.
But it is a great add on.
Log into your bank, stay logged in and open a new tab. Then visit another site on the internet.
Now lets pretend that on this other site, someone (like the site administrator or a commentor) included a link that pointed to a url such as http://www.YourBank.com/TransferMoney?FromAccount=12345&ToAccount=54321&Amount=1000 and then you clicked the link, the bank would think you were making a legitimate transfer request becuase you were still logged in.
Thats CSRF in a nutshell.
There are ways to mitigate this danger, but its up to site owner (the bank in this example) to make sure this can't happen. As an end user it's mostly out of your hands. This tag appears to be BC's way to mitigate this, and it appears to be similar to other soultions to this problem.
I don't know if it works though, it's not docummented, so your guess is as good as mine. Either way its probably a good idea to include it on your forms.
Not fully as its only half the sollution as it were. They have also made similar changes to web forms and the action but there do seem to be some issues with that too which are coming through.