Guess I'm not as cynical as you.
I do see a couple moves in the right direction :
1. checking Request.UrlReferrer.Host against Request.Url.Host at least
prevents against the simple hack of copy/pasting a url from a link button
into a brower.
2. hashing the track click url and tacking it onto the end as an additional
param and on link click re-constructing the hash server-side and comparing
to the link's hash would prevent against automated software that sent
endless tracking requests with small variations
"Mark Rae" <ma**@markNOSPAMrae.comwrote in message
news:u8**************@TK2MSFTNGP05.phx.gbl...
"John A Grandy" <johnagrandy-at-yahoo-dot-comwrote in message
news:eG**************@TK2MSFTNGP04.phx.gbl...
>Ok. Well, for sites with a tracking page that writes some tracking data
to db and then redirects to the target url,
LOL! All that tells them is that the target URL has come from the tracking
page! The initial request to the tracking page could have come from
anywhere - don't you get it?
>what are other solutions to stop hackers from manipulating the tracking
data ?
None that I know of, and this is another of those occasions where I would
dearly *love* to be proven wrong...
I've seen all sorts of "smoke and mirrors" solutions involving encrypted
querystrings and God knows what - none of them works...