This would be just as bad, as he could open up a socket faking a referer.
What you really need are data integrity checks inside the script which posts
to the message board on your server.

/* Chris Lambert, CTO - [EMAIL PROTECTED]
WhiteCrown Networks - More Than White Hats
Web Application Security - www.whitecrown.net
*/

----- Original Message -----
From: Marc van Duivenvoorde <[EMAIL PROTECTED]>
To: Php general lijst <[EMAIL PROTECTED]>
Sent: Friday, July 13, 2001 6:09 AM
Subject: [PHP] forms and IP numbers


| A friend of mine found a bug in my messageboard code, this way he can post
| with other (than in my database) nicknames from a local form. Now I want to
| have the formhandler do a check from where the form is sent. If it is not
| sent from my own webserver it has to display an error message.
|
| Thanks,
|
| Marc van Duivenvoorde
|
|
| --
| PHP General Mailing List (http://www.php.net/)
| To unsubscribe, e-mail: [EMAIL PROTECTED]
| For additional commands, e-mail: [EMAIL PROTECTED]
| To contact the list administrators, e-mail: [EMAIL PROTECTED]
|
|
|
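
Added example, not part of the original thread or the poster's message board code: one form the server-side check suggested in the reply could take. The post's author is taken from the server-side session rather than from the submitted form or the Referer header. The session layout, the field names and the `issue_form_token` and `handle_post` functions are hypothetical.

```php
<?php
// Added example with constructed data. Assumption: at login the server stored
// the user's nickname in the session; the form fields are hypothetical.

// Put a random per-session token into the form the server renders.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(16));
    return $session['form_token'];
}

// Decide whether a post is accepted and under which nickname.
// Nothing the client controls (Referer, nickname field) is used for identity.
function handle_post(array $session, array $post): array
{
    if (!isset($session['nickname'], $session['form_token'])) {
        return ['ok' => false, 'error' => 'not logged in'];
    }
    // The token ties the post to a form issued to this session. Unlike the
    // Referer, the client cannot simply pick its value.
    $token = $post['token'] ?? '';
    if (!is_string($token) || !hash_equals($session['form_token'], $token)) {
        return ['ok' => false, 'error' => 'form token mismatch'];
    }
    $message = $post['message'] ?? '';
    if (!is_string($message) || trim($message) === '' || strlen($message) > 2000) {
        return ['ok' => false, 'error' => 'invalid message'];
    }
    // The author is read from the session, never from $post['nickname'].
    return ['ok' => true, 'nickname' => $session['nickname'],
            'message' => trim($message)];
}

// Constructed session for a logged-in user.
$session = ['nickname' => 'marc'];
$token = issue_form_token($session);

// Post from a local copy of the form that claims another nickname:
// accepted, but stored under the session's nickname.
$local = ['nickname' => 'someone_else', 'token' => $token, 'message' => 'hello'];
var_dump(handle_post($session, $local));

// Post without a valid token: rejected regardless of any Referer header sent.
var_dump(handle_post($session, ['nickname' => 'someone_else', 'message' => 'hi']));
```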

