Hy, inSite Internet Solutions schrieb: > > I usually do a combination of things. > > * You can check domains, but they can be spoofed, > so that in itself is not a cure. It's a start.
How can I check this? > > * Does the site have a static IP? You can set > the script only to run if called from that IP. > Once again 'spoofable' but less than a domain > on its own. I have a static IP, but once again: How to check wich IP called the script? > > * Use the CGI.pm module's built-in data limit > function. You can set POST_MAX to a reasonable > level to avoid buffer overflow issues, or just > set DISABLE_UPLOADS = 1 if no files are going > to be uploaded. It's just for a forum and a contact-script... No attachements are possible. > > * Are you on UNIX? Most of my sites are on some > flavor of *NIX and I run my scripts suid. You > can explicitly tell the script that it can > run -only- as the user, not even as the httpd > daemon. (#!/usr/bin/perl -U with the script > directory chmod'd 4711) It's a Linux-System, so: yes :-) > > Scot Robnett > inSite Internet Solutions > [EMAIL PROTECTED] > [EMAIL PROTECTED] Many thanks! regards Sebastian Nerz > > -----Original Message----- > From: Sebastian Nerz [mailto:[EMAIL PROTECTED]] > Sent: Friday, May 24, 2002 10:22 AM > To: [EMAIL PROTECTED] > Subject: Checking who called a cgi-script > > Hy, > > I need to check which server (or better: which formular) gave data to a > cgi-script (executed this script) > (I am writing on a contact-script but I dont want every server to be > able to execute this script!) > > How could I do this? > (A link or source for informations would be enough) > > Many thanks! > > regards > > Sebastian Nerz > > PS I am sorry for my english - it's quite terrible! > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002 > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
