Sara wrote:
bad guys can always create their own form
I can't say how others do it, but almost every one of my scripts starts with:

    if ($ENV{'HTTP_REFERER'} !~ /yourdomain.com/) {
        exit;
    }

It helps eliminate Bad Guys' forms & shoving of data
Really?

    use HTTP::Request::Common 'POST';
    use LWP::UserAgent;

    my $ua = LWP::UserAgent->new;

    # The Referer header is set by the client, so any value can be sent.
    my $req = POST 'http://yourdomain.com/cgi-bin/sara.cgi',
        referer => 'yourdomain.com',
        content => [ name => 'hello' x 20 ];

    my $res = $ua->request($req);
    print $res->content;

As you can see, it's very easy to fake the HTTP_REFERER.
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
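
Added example, not code from either poster: it runs the Referer test from the thread next to server-side field validation over three constructed requests, showing that the forged request passes the Referer test and is stopped only by validation. The `%rules` table, its limits and the request hashes are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample requests: a Referer value plus already-parsed form fields.
my @requests = (
    { label => 'browser form',   referer => 'http://yourdomain.com/form.html',
      fields => { name => 'Sara' } },
    { label => 'forged referer', referer => 'yourdomain.com',
      fields => { name => 'hello' x 20 } },
    { label => 'no referer',     referer => undef,
      fields => { name => 'Gunnar' } },
);

# Same test as the check quoted in the thread; it only sees what the client claims.
sub referer_check {
    my ($referer) = @_;
    return (defined($referer) && $referer =~ /yourdomain.com/) ? 1 : 0;
}

# Hypothetical per-field rules, enforced on the server for every request.
my %rules = ( name => { max => 40, pattern => qr/\A[\w .'-]+\z/ } );

sub validate_fields {
    my ($fields) = @_;
    my @errors;
    for my $key (sort keys %$fields) {
        push @errors, "unexpected field $key" unless $rules{$key};
    }
    for my $key (sort keys %rules) {
        my $value = $fields->{$key};
        if (!defined($value) || $value eq '') {
            push @errors, "field $key is missing";
        } elsif (length($value) > $rules{$key}{max}) {
            push @errors, "field $key exceeds $rules{$key}{max} characters";
        } elsif ($value !~ $rules{$key}{pattern}) {
            push @errors, "field $key has disallowed characters";
        }
    }
    return @errors;
}

for my $req (@requests) {
    my @errors = validate_fields($req->{fields});
    printf "%-15s referer check: %-4s  validation: %s\n",
        $req->{label},
        referer_check($req->{referer}) ? 'pass' : 'fail',
        @errors ? 'rejected (' . join('; ', @errors) . ')' : 'accepted';
}
```

The third request also shows the other failure mode of the Referer test: a legitimate client that sends no Referer header is turned away.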