> -----Original Message-----
> From: Etienne Marcotte [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 12, 2001 10:53 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Passing arrays across forms
>
>
> You take the source, modify the value of hidden fields, and then hit
> enter when your browser points to c:/local/path/file.html

[JOHN] Ooooohhhhh... I never thought of doing that. Thanks for the
education!

> For sure the script can check the referring address to see if
> it's on the
> server, but as Jenda stated a while ago, a "good" hacker will
> be able to
> telnet your webserver and put whatever he wants in the header to fake
> the referring URL.

[JOHN] Still, a great reason to check referrers in your script. If a
hacker is already into your system enough to get around that, what more
can you do? (Rhetorical question, this thread is probably off-topic
enough already!) Cookies can be faked and/or copied too, can't they?
Although the hacker would have to have some idea what it needs to look
like to create it from scratch. And GET parameters are the easiest of
all to fake!

> As for accessing the param() There are some good ways, again Jenda made
> the most wonderful module for people like me that don't really like
> modules:) It takes the post/get data and parses it, without
> ...

[JOHN] Thanks for mentioning that module again, I missed it the first
time around.

- John
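
Added example, not part of the original message or of any module mentioned in the thread: since hidden fields, cookies, GET parameters and the Referer header are all supplied by the client, one server-side check is to attach an HMAC to the hidden fields and reject any form whose values no longer match it. The secret, the field names and the helper names (`canonical`, `sign_fields`, `verify_fields`) are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: detect edited hidden form fields with a server-side HMAC.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a secret kept on the server and never written into the HTML.
my $SECRET = 'constructed-demo-key-replace-me';

# Canonical encoding: fields sorted by name, each name and value
# length-prefixed so ("a","bc") and ("ab","c") cannot encode identically.
sub canonical {
    my (%f) = @_;
    return join '',
        map { length($_) . ":$_" . length($f{$_}) . ":$f{$_}" } sort keys %f;
}

# MAC the server emits as one more hidden field next to the values.
sub sign_fields {
    my (%f) = @_;
    return hmac_sha256_hex(canonical(%f), $SECRET);
}

# Recompute the MAC from the submitted values and compare without
# stopping at the first differing character.
sub verify_fields {
    my ($mac, %f) = @_;
    my $expected = sign_fields(%f);
    return 0 unless defined $mac && length($mac) == length($expected);
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1))
        for 0 .. length($expected) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample: the values the server wrote into the form.
my %sent = (item => 'widget', price => '19.99');
my $mac  = sign_fields(%sent);

# Constructed sample: the same form after a saved local copy was edited.
my %edited = (%sent, price => '0.01');

printf "untouched form: %s\n", verify_fields($mac, %sent)   ? 'accepted' : 'rejected';
printf "edited form:    %s\n", verify_fields($mac, %edited) ? 'accepted' : 'rejected';
```

The MAC only shows that the values are ones the server issued; it does not stop an old, valid form from being resubmitted, so include a session identifier or expiry time among the signed fields if that matters.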