If you are on a UNIX system, often you can run the script suid, so that it
is running as an authenticated user rather than "nobody" or "httpd". In most
cases, it's a simple matter of:
Step 1: chmod 4711 <scriptname.cgi>
Step 2: Change the shebang line to #!/usr/bin/perl -U
However, this will only work if the web server is configured to support
running scripts suid.
That's probably the most effective way to do it. You can try authenticating
based on an IP address or domain, but those environment variables can be
spoofed. You can still add this checking to keep unsophisticated hackers
from bothering you; just know that it isn't foolproof.
my $good_referer = 'my.domain.com/form.html';
my $good_address = '??.??.???.???'; # your IP
my $real_referer = $ENV{'HTTP_REFERER'};
my $real_address = $ENV{'REMOTE_ADDR'};
if($real_referer ne $good_referer) or
($real_address ne $good_address)
{
# boot 'em
}
else
{
# do your thing
}
-----
Scot Robnett
inSite Internet Solutions
[EMAIL PROTECTED]
http://www.insiteful.tv
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
