Re: [PHP] Form security

2001-05-24 Thread phpman
I'm not trying to keep my script secure, I'm trying to get into another script, using cURL. I sent all of the POST fields, set my REFERER to be their referer page, even set my AGENT to be IE 5 on a Win2K box. Damn script is still not returning the right screen. When I copy the HTML code to my Mac

Re: [PHP] Form security

2001-05-24 Thread mheumann
Hi, you could use an additional parameter containing a checksum of the entire URL, that you check at the beginning. Of course, somebody with the right motivation could find out your checksum scheme (I would use a subset of the md5 function), but at least it won't be simple anymore. You could

Re: [PHP] Form security

2001-05-24 Thread Peter Dudley
Are you using sessions? You can register a tracking variable on the form page and then check that variable on the processing page. If the posted data comes from any page other than the one that you want it to, the variable will not be set. Not 100% sure, but I think this covers what you've aske

RE: [PHP] Form security

2001-05-24 Thread James Stevens
Another way to do this is to have a form element with an odd name and value that you can check for before processing the post. This is not too secure if someone knows the name and value though. In that case you can use the referer _and_ a unique element name and value that is related to the refere
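
The session tracking variable from Peter Dudley's reply and the uniquely valued form element from James Stevens' reply can be combined into one random per-session token, shown here as an added example that is not part of the original thread. The function names and the form_token field are hypothetical, PHP 7 or later is assumed for random_bytes(), and the session array is passed in as a parameter so the logic also runs from the command line.

```php
<?php
// Added example, not code from the thread. Names are hypothetical.
// In a web page, call session_start() and pass $_SESSION to both functions.

// Form page: create a random token and remember it in the session.
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));   // unpredictable, unlike a fixed name/value
    $session['form_token'] = $token;
    return $token;
}

// Processing page: accept the POST only if it carries the session's token.
function check_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    unset($session['form_token']);        // single use, even when the check fails
    $given = $post['form_token'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false;                     // form page never visited, or field missing
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Constructed walk-through with a simulated session array.
$session = [];
$token = issue_form_token($session);

// Hidden field the form page would emit.
echo '<input type="hidden" name="form_token" value="',
     htmlspecialchars($token, ENT_QUOTES), '">', "\n";

// 1. Genuine submit from the form page.
var_dump(check_form_token($session, ['form_token' => $token]));

// 2. Replay of the same token after it has been consumed.
var_dump(check_form_token($session, ['form_token' => $token]));

// 3. POST from a client that never loaded the form page.
$fresh = [];
var_dump(check_form_token($fresh, ['form_token' => 'guess']));
```

Unlike the Referer and User-Agent headers, the token cannot be filled in by a client that has not first fetched the form page within the same session.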