I'm not trying to keep my script secure, I'm trying to get into another
script, using cURL.
I sent all of the POST fields, set my REFERER to be their referer page, even
set my AGENT to
be ie 5 on a Win2K box. Damn script is still not returning the right screen.
When I copy the HTML
code to my mac
Hi,
you could use an additional parameter containing a checksum of the entire URL, that
you check at the
beginning. Of course, somebody with the right motivation could find out your checksum
scheme (I would
use a subset of the md5 function), but at least it won't be simple anymore.
You could
Are you using sessions? You can register a tracking variable on the form
page and then check that variable on the processing page. If the posted
data comes from any page other than the one that you want it to, the
variable will not be set. Not 100% sure, but I think this covers what
you've aske
referer. Checking for these items before processing the form should be
pretty good.
James
-Original Message-
From: phpman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 24, 2001 10:04 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Form security
Since nobody answered my last question (or any of them
Since nobody answered my last question (or any of them for that matter). Let
me rephrase it a little
different.
Other then checking the referer (to make sure the posted data came from the
right page)
and user agent (to see if it exists), is there any other way to secure a
form from having other
5 matches
Mail list logo
