I’m planning to send a form available on “websiteSend” to “websiteReceive”. websiteSend and websiteReceive are two separate domains. No SSL.
I’d like to get some advice on what I should take care of to make sure it works, and what security holes I should protect against.
Here are a few thoughts:
- form on websiteSend should have a hidden field that is going to be used by websiteReceive to redirect the user.
- form on websiteSend should have a hidden field that tells websiteReceive from where the form has been sent (what would be the appropriate $_SERVER variable that I should match it against?).
- websiteReceive should obviously thoroughly validate data before processing it.
I’m obviously missing some key points, so please tell me what to do to secure my application.
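
As an added example that is not part of the original post: one way the websiteReceive handler for the design listed above could treat the two hidden fields and the $_SERVER headers as untrusted input. The host name `websitesend.example`, the `redirect` keys and the `email` field are assumptions made for illustration.

```php
<?php
// Added example for websiteReceive. Host names, redirect keys and the
// "email" field are hypothetical; replace them with the real ones.
const ALLOWED_SENDERS = ['websitesend.example'];    // hosts expected to serve the form
const REDIRECTS = [                                 // hidden field carries a key, never a URL
    'thanks' => 'http://websitesend.example/thanks',
    'error'  => 'http://websitesend.example/form?failed=1',
];

/** Lower-cased host of an absolute http(s) URL, or null if it is not one. */
function url_host(?string $url): ?string
{
    $parts = ($url === null || $url === '') ? false : parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    return in_array($scheme, ['http', 'https'], true) ? strtolower($parts['host']) : null;
}

/** Map the hidden "redirect" value to a fixed URL; unknown values fall back to 'thanks'. */
function redirect_target(?string $key): string
{
    return REDIRECTS[$key ?? ''] ?? REDIRECTS['thanks'];
}

/** Advisory only: Origin and Referer are request headers set by the client and may be absent. */
function sender_looks_expected(array $server): bool
{
    $host = url_host($server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null);
    return $host !== null && in_array($host, ALLOWED_SENDERS, true);
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!sender_looks_expected($_SERVER)) {
        error_log('Form post without the expected Origin/Referer'); // record it; do not rely on it
    }
    // Validate every submitted field on the server, whatever the sending page did.
    $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        header('Location: ' . redirect_target('error'), true, 303);
        exit;
    }
    // ... process the validated data here ...
    header('Location: ' . redirect_target($_POST['redirect'] ?? null), true, 303);
    exit;
}
```

Because the redirect field only selects among URLs stored on websiteReceive, a tampered value cannot send the user to a host outside that list.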