>>> bad guys can always create their own form
I can't say how others do it, but almost every script of mine starts with:
# Exit unless the Referer header mentions our own domain
if ($ENV{'HTTP_REFERER'} !~ /yourdomain\.com/) {
    exit;
}
It helps eliminate the Bad Guys' forms and the shoving of data (no remote
postings allowed).
Sara.
----- Original Message -----
From: "B McKee" <[EMAIL PROTECTED]>
To: "Sara" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, November 11, 2004 2:13 AM
Subject: Re: untainting data
>
> On Wednesday, November 10, 2004, at 04:02 PM, Sara wrote:
>
> > If the 'name' is coming from a Form, try limiting it within the form
> > tags,
> > it's always a better idea.
>
> I thought (correct me if I'm wrong here - I'm no expert)
> that you want to do this at both ends....
> because the bad guys can always create their own form
> (or whatever) and shove bad data at the web server.
>
> Brian
>
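Brian's point about checking at both ends, as an added example that is not part of the thread: a server-side allow-list check that untaints the form's 'name' value under Perl's taint mode. The sub name, the character set, the 64-character limit and the sample inputs are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# From a shell, run as: perl -T untaint_name.pl  (file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Allow-list for the form's 'name' field. The character set and the 64-character
# limit are assumptions for this example; pick what your application needs.
sub untaint_name {
    my ($raw) = @_;
    return unless defined $raw;
    # \A ... \z anchor the whole string (unlike $, \z does not permit a trailing newline).
    # Under -T, a capture group from a successful match is untainted.
    return $1 if $raw =~ /\A([A-Za-z0-9 .'-]{1,64})\z/;
    return;    # reject outright instead of trying to repair the value
}

# Zero-length tainted string: appending it marks a literal as tainted under -T,
# so the constructed samples below behave like values read from a form post.
my $taint = substr("$0$^X", 0, 0);

# Constructed sample inputs (not from the thread).
my @samples = ("Sara", "B McKee", "O'Brien", "Sara; ls", "Sara\nsecond line", "", "A" x 65);

for my $raw (map { $_ . $taint } @samples) {
    my $name = untaint_name($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;    # keep each report on one line
    printf "%-20s tainted=%d  =>  %s\n", "'$shown'", tainted($raw) ? 1 : 0,
        defined $name
        ? "accepted, tainted=" . (tainted($name) ? 1 : 0)
        : "rejected";
}
```

The check runs on the server for every request, so it applies no matter which form or client sent the data.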