> This may not matter for your application -- are you writing a
> financial app or a personal portfolio? -- but if you really need
> to authenticate the source of data that comes from some other
> IP address (as is the case with a web browser) then you're into
> PGP keys and signed certificate
> If you want to check where your submit is coming from, then
> you need to check the REFERER url. Do so by using the global
> $HTTP_REFERER variable.
Except that, as I point out in the message that the person you
responded to replied to, $HTTP_REFERER by no means is
guaranteed to have a va
On 3 Apr 2001 21:02:34 -0700, Les Neste <[EMAIL PROTECTED]> wrote:
>Correct me if I'm wrong, but isn't it possible to fake the referrer?
Quite easily, even when doing it by hand using telnet or netcat.
>This may not matter for your application -- are you writing a financial app
>or a personal
RER url. Do so by using the global $HTTP_REFERER
> >variable.
> >
> >
> >global $HTTP_REFERER;
> >
> >if($HTTP_REFERER == "YOUR_FORM_PAGE_HERE")
> >{
> >//PROCESS CODE.
> >}
> >else
> >{
> >echo"Your a hacker,
;
>global $HTTP_REFERER;
>
>if($HTTP_REFERER == "YOUR_FORM_PAGE_HERE")
>{
>//PROCESS CODE.
>}
>else
>{
>echo"Your a hacker, so BITE ME!!!";
>}
>
>
>
>
>- Original Message -
>From: "Plutarck" <[EMAIL PROTECTED
ker, so BITE ME!!!";
}
- Original Message -
From: "Plutarck" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 03, 2001 7:58 PM
Subject: [PHP] Sneaky solution
> > How do you check to make sure that any
> > form submissions originate from your si
> How do you check to make sure that any
> form submissions originate from your site?
You basically can't.
...well that was easy ;)
All you can do is assume that every single piece of data sent from the
client is an attempt to screw up your application. After stripping non-valid
characters and