Referrer can be easily spoofed. Use server configuration to set up password
authentication - this is the best.
On Monday 16 July 2001 13:26, PURMONEN, Joni wrote:
> Would a simple check of referring URL help in this?
>
> Something like:
>
> my $referer = $ENV{'HTTP_REFERER'};
> if ($referer ne "http://www.your/form/location"){
> print qq(Content-type: text/html\n\n
> some error message...);
> return;
> }
>
> Are there any other relatively simple checks which would help making the
> form more secure in the server end?
>
> joni
>
> -----Original Message-----
> From: Pete Sergeant [mailto:[EMAIL PROTECTED]]
> Sent: 13 July 2001 15:43
> To: [EMAIL PROTECTED]
> Subject: Re: CGI.pm and form validation
>
>
>
> That which I say three times is true:
>
> Do not trust user input. Do NOT trust user input. DO NOT TRUST USER INPUT.
>
> As mentioned, users can turn off javascript. You're assuming of course that
> skr!pT k1DD13s use browsers. It is trivial to build an HTTP request and
> telnet into the server at port 80.
>
> Javascript is nice for telling users if they've got it wrong. If you're
> going to trust it, you're on crack.
>
> Hope This Helps
>
> {Pete
>
>
> -------------------------------------------------------
> ($_='Yw_xUabcdtefgdijktljkotiersjkUzxT
> yvlkbfdtcierstajogvPruntRshackRJelov')
> =~y/RTUv;wxYz$/ ~'\/;$=();/;eval;print
--
Ondrej Par
Internet Securities
Software Engineer
e-mail: [EMAIL PROTECTED]
Phone: +420 2 222 543 45 ext. 112
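
A server-side check that does not depend on the Referer header or on client-side JavaScript, as an added example that is not part of the original thread: every field is matched against an allow-list pattern on the server, and unknown fields are rejected. The field names, patterns and sample submissions are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allow-list rules for each expected field (field names are hypothetical).
my %RULES = (
    name  => qr/\A[\w .'-]{1,64}\z/,
    email => qr/\A[\w.+-]{1,64}\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/,
    qty   => qr/\A[1-9][0-9]{0,2}\z/,
);

# Returns a list of error strings; an empty list means the input passed.
sub validate_form {
    my ($params) = @_;
    my @errors;
    for my $field (sort keys %RULES) {
        my $value = $params->{$field};
        if (!defined $value || $value eq '') {
            push @errors, "$field: missing";
        }
        elsif ($value !~ $RULES{$field}) {
            push @errors, "$field: invalid format";
        }
    }
    # Reject fields the form never defined instead of silently using them.
    for my $field (sort keys %$params) {
        push @errors, "$field: unexpected field" unless exists $RULES{$field};
    }
    return @errors;
}

# Constructed sample submissions. In a CGI script the hash would come from
# CGI.pm, e.g. my %params = CGI->new->Vars;
my @samples = (
    { referer => 'http://www.your/form/location',
      params  => { name => 'Joni', email => 'joni@example.com', qty => '2' } },
    # The Referer value matches the form URL, yet the fields are not valid:
    { referer => 'http://www.your/form/location',
      params  => { name => 'A' x 500, email => 'nope', qty => '-5', admin => '1' } },
);

for my $s (@samples) {
    my @errors = validate_form($s->{params});
    print "Referer: $s->{referer}\n";
    print "  ACCEPT\n" unless @errors;
    print "  REJECT $_\n" for @errors;
}
```

Both sample requests carry the same Referer value, so only the per-field validation tells them apart.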