--- [EMAIL PROTECTED] wrote:
> I need your guys' opinion. I'm thinking of having a sub run in every sub to
> check to make sure this script is being run only through my own domain. I
> think this will only break down a valid referral from
> http://www.digital-drakon.com/*anything* . The only thing I think I need to
> add is to force the $referer down to lowercase 'cause if someone enters my dir
> as http://WWW.DIGITAL-DRAKON.COM it will think it's not a valid referral.
> Please give me any comments on this, good or bad. This is just a prototype
> code I did in like 2 min. It will be cleaned up a bit more. And if there is
> a better way of checking, let me know. I would rather use proven code than
> risk a security hole.
>
> Chris
>
> $valid = 'digital-drakon';
> $referer = $ENV{HTTP_REFERER};

Chris,

You do not want to rely on HTTP_REFERER for security as it is very easy to fake. If you really need security, you will need to have some sort of authorization to accomplish this (such as a username/password combination).

Cheers,
Curtis "Ovid" Poe

=====
"Ovid" on http://www.perlmonks.org/
Someone asked me how to count to 10 in Perl:
push@A,$_ for reverse q.e...q.n.;for(@A){$_=unpack(q|c|,$_);@a=split//;
shift@a;shift@a if $a[$[]eq$[;$_=join q||,@a};print $_,$/for reverse @A
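
An added example, not part of either message: a Perl comparison of the Referer check from the question with a credential the server can verify, as the reply recommends. The HMAC-signed token issued after login, `$SECRET`, and the function names are assumptions for illustration, and the sample requests are constructed.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'example-only-secret';   # assumption: random value kept server-side

# The check from the question, host compared case-insensitively.
# HTTP_REFERER is copied from a request header, so the client picks its value.
sub referer_ok {
    my ($referer) = @_;
    my ($host) = ($referer // '') =~ m{^https?://([^/:]+)}i;
    return (defined($host) && lc($host) eq 'www.digital-drakon.com') ? 1 : 0;
}

# Hypothetical token handed out after a username/password login succeeds.
sub issue_token {
    my ($user, $expires) = @_;
    return join ':', $user, $expires, hmac_sha256_hex("$user:$expires", $SECRET);
}

# Accept only tokens whose MAC the server can recompute and that have not expired.
sub token_ok {
    my ($token, $now) = @_;
    my ($user, $expires, $mac) = split /:/, ($token // ''), 3;
    return 0 unless defined($mac) && $expires =~ /^\d+$/;
    my $want = hmac_sha256_hex("$user:$expires", $SECRET);
    return 0 unless length($mac) == length($want);
    my $diff = 0;                      # compare without an early exit
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. length($want) - 1;
    return ($diff == 0 && $expires > $now) ? 1 : 0;
}

# Constructed requests for the example (not real traffic).
my $now  = 1_000_000_000;
my $good = issue_token('chris', $now + 3600);
(my $bad = $good) =~ s/^chris/admin/;   # user field altered, MAC no longer matches
my @cases = (
    [ 'Referer header names the site, no login', 'http://WWW.DIGITAL-DRAKON.COM/form.html', undef ],
    [ 'Referer omitted, logged-in user',         undef,                                     $good ],
    [ 'Referer names the site, altered token',   'http://www.digital-drakon.com/',          $bad  ],
);
for my $c (@cases) {
    my ($label, $referer, $token) = @$c;
    printf "%-42s referer_ok=%d token_ok=%d\n", $label, referer_ok($referer), token_ok($token, $now);
}
```

The first case passes the Referer check without any login, and the second fails it despite a valid login, so the header is usable at most as a hint and the access decision should rest on `token_ok` alone.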