Would a simple check of the referring URL help with this?

Something like:

my $referer = $ENV{'HTTP_REFERER'} || '';   # empty string when the client sent no Referer
if ($referer ne "http://www.your/form/location") {
  print qq(Content-type: text/html\n\n
some error message...);
  return;
}

Are there any other relatively simple checks which would help make the
form more secure on the server end?

joni

-----Original Message-----
From: Pete Sergeant [mailto:[EMAIL PROTECTED]]
Sent: 13 July 2001 15:43
To: [EMAIL PROTECTED]
Subject: Re: CGI.pm and form validation



That which I say three times is true:

Do not trust user input. Do NOT trust user input. DO NOT TRUST USER INPUT.

As mentioned, users can turn off javascript. You're assuming of course that
skr!pT k1DD13s use browsers. It is trivial to build an HTTP request and
telnet into the server at port 80.

Javascript is nice for telling users if they've got it wrong. If you're
going to trust it, you're on crack.

Hope This Helps

{Pete


-------------------------------------------------------
($_='Yw_xUabcdtefgdijktljkotiersjkUzxT
yvlkbfdtcierstajogvPruntRshackRJelov')
=~y/RTUv;wxYz$/ ~'\/;$=();/;eval;print



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





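A worked illustration of the two points in this exchange, added here and not code from either message. The Referer header is just another line the client writes into its request, so a request built by hand (Pete's telnet-to-port-80 case) can carry exactly the value the script compares against; the server-side check that does hold up is validating every submitted field against an allowlist of what the form legitimately accepts, and rejecting fields the form never defined. The form fields, their rules, the hostname and the sample query strings are all invented for this example, and it assumes CGI.pm 4.08 or later for multi_param.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumes CGI.pm 4.08 or later
# (for multi_param); field names, rules and hostnames are hypothetical.
use strict;
use warnings;
use CGI;

# 1. The Referer check from the question, as a function, beside the raw
#    request an attacker can type into "telnet host 80" to satisfy it.
sub referer_matches {
    my ($env, $expected) = @_;
    my $referer = $env->{HTTP_REFERER} || '';
    return $referer eq $expected;
}

sub forged_request {
    my ($expected_referer, $body) = @_;
    return join "\r\n",
        'POST /cgi-bin/form.cgi HTTP/1.0',
        'Host: www.your',
        "Referer: $expected_referer",   # written by the client; nothing verifies it
        'Content-Type: application/x-www-form-urlencoded',
        'Content-Length: ' . length($body),
        '',
        $body;
}

# 2. What does hold up server-side: each field matched against an allowlist
#    pattern. The pattern captures the value, so under "perl -T" the copy
#    that is stored is also untainted.
my %RULES = (
    name  => { max => 50,  re => qr/^([A-Za-z][A-Za-z' -]{0,49})\z/ },
    email => { max => 254, re => qr/^([\w.+-]+@[\w-]+(?:\.[\w-]+)+)\z/ },
    age   => { max => 3,   re => qr/^([1-9]\d?|1[01]\d|120)\z/ },
);

# Validate a CGI object's parameters. Returns (ok, \%clean, \@errors).
sub validate_form {
    my ($q) = @_;
    my (%clean, @errors);

    for my $p ($q->param) {                      # names of all submitted fields
        push @errors, "unexpected field '$p'" unless exists $RULES{$p};
    }
    for my $field (sort keys %RULES) {
        my @vals = $q->multi_param($field);
        if (@vals != 1) {                         # missing, or submitted twice
            push @errors, "field '$field' missing or repeated";
            next;
        }
        if (length($vals[0]) > $RULES{$field}{max}) {
            push @errors, "field '$field' too long";
            next;
        }
        if (my ($v) = $vals[0] =~ $RULES{$field}{re}) {
            $clean{$field} = $v;
        } else {
            push @errors, "field '$field' has invalid content";
        }
    }
    return (!@errors, \%clean, \@errors);
}

# Demonstration on constructed input (run from the shell, not under a web server).
unless (caller) {
    my $expected = 'http://www.your/form/location';
    my $req = forged_request($expected, 'name=x&email=y%40z.example&age=9');
    # Pull the header out the way the web server would, then apply the check.
    my ($hdr) = $req =~ /^Referer: (.*?)\r\n/m;
    printf "forged request passes referer check: %s\n",
        referer_matches({ HTTP_REFERER => $hdr }, $expected) ? 'yes' : 'no';

    for my $qs ('name=Joni&email=joni%40example.org&age=30',
                'name=Joni&email=joni%40example.org&age=30&age=31&shell=id') {
        my ($ok, $clean, $errors) = validate_form(CGI->new($qs));
        print "$qs => ",
            ($ok ? 'accepted' : 'rejected: ' . join('; ', @$errors)), "\n";
    }
}
```

The first query string is accepted; the second is rejected for both the repeated age field and the undefined shell field, which is the behaviour to want: surplus or duplicated input is a tampering signal, not something to silently take the first value of. The Referer comparison, by contrast, passes for the hand-built request, because the only thing it tests is whether the sender chose to write the expected string.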

