Marty, et al --

...and then Marty Landman said...
%
% At 05:47 AM 6/25/02 -0700, John Brooking wrote:
% ...
% > But wait, there's more! Even if your script *did*
% >check the referer, that's no protection either! An
% >experienced programmer can easily use Perl's LWP
% >module or its equivalent in some other language to
% >make the request with a faked referer variable. So
% >really, POST variables are no more secure than GET
% >variables, it just takes a little more doing to fake
% >them.
%
% Didn't realize this. What exactly is the right procedure then to safeguard
% scripts such as formmailers from being hijacked?
%
% > By the way, I'm still not a security expert, so
% >don't take my word as the final one either!
%
% Me either, eager to learn and improve myself.

It takes being hacked a lot to finally be able to call yourself an expert :-)

%
% Marty
%
% --
% SIMPL WebSite Creation: http://face2interface.com/Home/Demo.shtml

TIA & HAND

:-D
--
David T-G                * It's easier to fight for one's principles
(play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!