Actually, the "form.py" was copied from an example inside one of the URLs for non-programmers provided by the python.org documentation site.
I'm not familiar with the method to convert an MD5 token to its original state inside form.py. So, if I try to authenticate using the referer, does the referer="/form.html"?
---------- Forwarded message ----------
From: Fredrik Lundh <[EMAIL PROTECTED]>
To: python-list@python.org
Date: Sat, 26 Aug 2006 00:46:16 +0200
Subject: Re: prevent unauthorized call to script
[EMAIL PROTECTED] wrote:
> I have copy-pasted a script called "form.py" from somewhere else.
sounds a bit dangerous.
> This script is called from "form.html". Both are running in my Apache
> server. How do I prevent other html files from other servers from calling my
> "form.py" script?
usual approaches include checking the referrer field, using server-
generated tokens in hidden fields, etc. this won't keep the determined
hacker from issuing requests to your server, but at least it makes it a bit
harder to just post an HTML form somewhere else and point that to your
server.
it's probably best if you look for a form script that already supports
things like this.
</F>