On Friday 08 August 2003 00:13, Randal L. Schwartz wrote: > No you don't. Referer is easily spoofed, sometimes stripped, and > sometimes wrong. You can log it, but only a fool would base a > security mechanism around it.
Well, I'm certainly foolish enough without adding to it. So, does Perl offer any fool proof mechanism to determine if a script is being called from a local page, or if it's being 'borrowed' (hot linked) from some other site? I don't know what information the C code I refered to uses, but it returns the IP address and a full url of the requesting site that can be compared to a list of allowed domains and/or pages. Even this may not offer 100% security, but it appears to be enough to thwart all but the most hard core hotlinkers and bandwith thiefs. Cheers, Charles -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
