>>>>> "Charles" == Charles Logan <[EMAIL PROTECTED]> writes:
Charles> Well, I'm certainly foolish enough without adding to it. So, Charles> does Perl offer any fool proof mechanism to determine if a Charles> script is being called from a local page, or if it's being Charles> 'borrowed' (hot linked) from some other site? No. That's exactly what you *can't* tell. Charles> I don't know Charles> what information the C code I refered to uses, but it returns Charles> the IP address and a full url of the requesting site that can Charles> be compared to a list of allowed domains and/or pages. And it can be spoofed trivially. Charles> Even Charles> this may not offer 100% security, but it appears to be enough Charles> to thwart all but the most hard core hotlinkers and bandwith Charles> thiefs. It's not hard core. It will lock out legitimate people, and it will be trivially bypassed by those who want to do it. It's like painting a lock on your door, and a sign that says "this door is locked". You're just deluding yourself. Find another security mechanism. This dog don't hunt. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
