> This may not matter for your application -- are you writing a
> financial app or a personal portfolio? -- but if you really need
> to authenticate the source of data that comes from some other
> IP address (as is the case with a web browser) then you're into
> PGP keys and signed certificate
> If you want to check where your submit is comming from, then
> you need to check the REFERER url. do so by useing the globa
> $HTTP_REFERER variable.
Except that, as I point out in the message that the person you
responded to replied to, $HTTP_REFERER by no means is
guaranteed to have a va
On 3 Apr 2001 21:02:34 -0700, Les Neste <[EMAIL PROTECTED]> wrote:
>Correct me if I'm wrong, but isn't it possible to fake the referrer?
Quite easily, even when doing it by hand using telnet or netcat.
>This may not matter for your application -- are you writing a financial app
>or a personal
You are right. It's painfully easy to fake the referer to make it say
anything you want it to.
I do it occasionally to screw with people's heads ;)
Making the referer become something like www.fbi.gov is always a hoot.
So using referer really isn't a very good solution, and many browsers just
Correct me if I'm wrong, but isn't it possible to fake the referrer?
This may not matter for your application -- are you writing a financial app
or a personal portfolio? -- but if you really need to authenticate the
source of data that comes from some other IP address (as is the case with a
web
If you want to check where your submit is comming from, then you need to
check the REFERER url. do so by useing the global $HTTP_REFERER
variable.
global $HTTP_REFERER;
if($HTTP_REFERER == "YOUR_FORM_PAGE_HERE")
{
//PROCESS CODE.
}
else
{
echo"Your a hacker, so BITE ME!!!";
}
--
6 matches
Mail list logo
