At 05:47 AM 6/25/02 -0700, John Brooking wrote:

> As David says, the place that you can see the
> "hidden" variables is in the page where the form is,
> before you submit it.

Got that now, thx John.

> But wait, there's more! Even if your script *did*
> check the referer, that's no protection either! An
> experienced programmer can easily use Perl's LWP
> module or its equivalent in some other language to
> make the request with a faked referer variable. So
> really, POST variables are no more secure than GET
> variables, it just takes a little more doing to fake
> them.

Didn't realize this. What exactly is the right procedure then to safeguard scripts such as formmailers from being hijacked?

> By the way, I'm still not a security expert, so
> don't take my word as the final one either!

Me either, eager to learn and improve myself.

Marty

--
SIMPL WebSite Creation: http://face2interface.com/Home/Demo.shtml
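An added example, not part of the original message or of any formmailer discussed in the thread: one common way to handle the question above is to stop trusting anything the client sends (hidden fields, POST data, Referer) and keep the recipient list on the server. The field names, the `RECIPIENTS` table and all addresses are constructed assumptions.

```python
# Added example: server-side handling for a form-to-mail script.
# All names and addresses below are constructed for illustration.
import re

# Recipients live on the server; the form only sends a short key.
RECIPIENTS = {
    "sales": "sales@example.com",
    "support": "support@example.com",
}
MAX_BODY = 4000
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


class Rejected(Exception):
    """Raised when a submission fails validation."""


def header_safe(value, limit=200):
    """Reject values that could inject extra mail headers."""
    if len(value) > limit or re.search(r"[\r\n\x00]", value):
        raise Rejected("illegal characters or length in header field")
    return value.strip()


def build_message(fields, request_headers=None):
    """Validate submitted fields and return (to_addr, message_text).

    request_headers (Referer included) is accepted but never used for
    authorization: the client controls every byte of it.
    """
    key = fields.get("to", "")
    if key not in RECIPIENTS:          # full addresses are never accepted
        raise Rejected("unknown recipient key")
    to_addr = RECIPIENTS[key]

    reply_to = header_safe(fields.get("email", ""))
    if not EMAIL_RE.match(reply_to):
        raise Rejected("bad sender address")
    subject = header_safe(fields.get("subject", "(no subject)"))
    body = fields.get("message", "")[:MAX_BODY]

    # Only validated values reach the header block; the body follows
    # the blank line, so newlines there cannot add headers.
    msg = (f"To: {to_addr}\r\nReply-To: {reply_to}\r\n"
           f"Subject: [webform] {subject}\r\n\r\n{body}")
    return to_addr, msg
```

A submission that names an arbitrary address, or that carries CR/LF in a header field, is rejected regardless of what Referer it presents.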