> Hello, > > we have an affiliate system where affiliates put links on their websites, and we > need to make sure they are using the https:// protocol when the customer clicks > on the link, IE: > > https://www.ourdomain.com/cgi-bin/script.cgi?somequery_stringhere > > is there an effective way to make sure, before the script process the request, > that it can check that it was called via the https and not http protocal ?? > > TIA ;) >
To me the easiest way to handle this would be to configure a distinct cgi-bin for the port (presumably 443) that the secure scripts run under. At that point if they can be run, they must be on a secure channel. Barring the ability to do that, you should be able to check the port that the request was made on based on the environment setup by the web server assuming it matches your secure port, then the request was made properly. I assume you are worried about the response information rather than the request, in the latter case there is little reason to check in a server side script whether the client has requested it over a secure channel, as the whole point of the security at that point is moot, I suppose in the latter case it would still make sense if you were pushing them secure information. http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
