On Thu, 2004-04-08 at 14:19, Richard Davey wrote:
> Hello Robert,
>
> Thursday, April 8, 2004, 7:13:27 PM, you wrote:
>
> RC> Aaah ok. That makes more sense to me :) Sorry was confused by the use of
> RC> the word redirect. Thought you were redirecting the user to an alternate
> RC> script with the reposted data. I'm not sure I understand how this is
> RC> more secure since isn't the data as valid as the first time it was
> RC> posted?
>
> It's not about the validity of data, that is handled by the receiving
> script - it's about knowing for sure WHERE that form data came from in
> the first place. For example it would stop something along the lines
> of a user downloading your form, modifying some values and then
> posting it from their local box. It could also stop another web-site
> automatically posting data to your forms should they mask the referer
> value.
>
> Hope that makes more sense.
Sorry, by validity of the data I meant validity of location. I'm not sure though that you can validate location using your technique since the first script retrieves all of the POSTed data and then forwards it along to the second processing script. How does the second script gain new information over the first? Doesn't it receive the same data? Agreed the second server always knows the IP of the sender since the sender is the first script which is on the same box, but I'm not sure how this provides a benefit over just processing the data in the first script, since the IP of the original sender is still at issue.

Maybe I'm just confused :)

Cheers,
Rob.

-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
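The check the thread is circling, proving that a POST came from a form this site actually served, as an added example that is not code from either poster. Forwarding the POST to a second local script hands that script exactly the bytes the first one received, and the Referer header is whatever the client chooses to send, so neither can establish origin. What can is a per-session token the server embeds in the form and verifies on submission. The script is written for PHP 7.1 or later (random_bytes, hash_equals, nullable return types), the session is passed in as a plain array so it runs from the command line, and the three submitted requests at the bottom are constructed, not captured traffic.

```php
<?php
// Added example: a per-session form token that lets the receiving script
// verify the form was issued by this site. Assumes PHP 7.1+ and that the
// real application would use $_SESSION where $session is passed here.

declare(strict_types=1);

// Issue a fresh token and remember it server-side. Call this when rendering the form.
function issue_form_token(array &$session, string $form = 'contact'): string
{
    $token = bin2hex(random_bytes(32));               // 256 bits, unguessable
    $session['form_tokens'][$form] = ['value' => $token, 'issued' => time()];
    return $token;
}

// Emit the form with the token as a hidden field. The token is the one value a
// downloaded copy of the form, or another site posting to it, cannot supply.
function render_form(string $token, string $action = '/process.php'): string
{
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return "<form method=\"post\" action=\"{$action}\">\n"
         . "  <input type=\"hidden\" name=\"form_token\" value=\"{$t}\">\n"
         . "  <input type=\"text\" name=\"message\">\n"
         . "  <input type=\"submit\">\n"
         . "</form>\n";
}

// Verify the submitted token against the one stored in the session.
// Returns null on success or a reason string on failure. The stored token is
// consumed first so a captured submission cannot be replayed.
function check_form_origin(array $post, array &$session, string $form = 'contact', int $maxAge = 3600): ?string
{
    $expected = $session['form_tokens'][$form] ?? null;
    if ($expected === null) {
        return 'no token was issued for this session';
    }
    unset($session['form_tokens'][$form]);              // single use
    if (time() - $expected['issued'] > $maxAge) {
        return 'token expired';
    }
    $supplied = $post['form_token'] ?? '';
    if (!is_string($supplied) || !hash_equals($expected['value'], $supplied)) {
        return 'token missing or does not match';
    }
    return null;
}

// Referer is set (or omitted) by the client, so it can only ever reject a
// request, never prove where it came from.
function referer_looks_local(array $server, string $host): bool
{
    $ref = $server['HTTP_REFERER'] ?? '';
    $refHost = parse_url($ref, PHP_URL_HOST);
    return is_string($refHost) && strcasecmp($refHost, $host) === 0;
}

// --- Walk-through with constructed requests (not real traffic) ---------------
$session = [];
$token = issue_form_token($session);
echo render_form($token);

$cases = [
    // 1. the form we just served, submitted by the browser that received it
    'genuine'     => ['form_token' => $token, 'message' => 'hi'],
    // 2. the form downloaded, edited and posted from the attacker's own box
    'edited copy' => ['form_token' => 'stale-or-guessed', 'message' => 'x'],
    // 3. another site auto-posting to the form, no token at all
    'cross-site'  => ['message' => 'spam'],
];
// The same forged Referer on every request: it passes the Referer check each time.
$server = ['HTTP_REFERER' => 'https://www.example.com/form.php'];

foreach ($cases as $label => $post) {
    $sess = $session;   // each case starts from the same issued token
    $reason = check_form_origin($post, $sess);
    printf("%-12s referer-local=%s  token-check=%s\n",
        $label,
        referer_looks_local($server, 'www.example.com') ? 'yes' : 'no',
        $reason ?? 'ok');
}
```

Run with `php form_token.php`: only the genuine submission passes the token check, while all three pass the Referer check because the header was forged. In a real deployment the token goes in `$_SESSION`, the form and the processing script are the two endpoints, and the check runs before any of the POSTed fields are trusted.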