>> What are you *really* trying to do? If you are trying to add a security
>> mechanism to a set of scripts this is definitely NOT the way to do it.

Yep, I want to add the security mechanism and want to protect my work from
the vultures who are eating up my bandwidth.

Can you please steer me in the right direction?

Thanks for your help.

Sara.





----- Original Message -----
From: "Wiggins d'Anconia" <[EMAIL PROTECTED]>
To: "Sara" <[EMAIL PROTECTED]>; "beginperl" <[EMAIL PROTECTED]>
Sent: Sunday, December 07, 2003 3:20 AM
Subject: Re: Bad referrer!


> Sara wrote:
>
> > There was a script which people were using remotely, so I have to add this
> > simple subroutine to check referrers. Currently, the site is getting
> > approx. 20,000 hits per day.
> >
>
> I don't think you are using the correct ENV variable. The referer tells
> you what page the user was linking from when they made the submission,
> which among other things is very spoofable so really shouldn't be used
> for much of anything, especially supposed security.  It can allow you,
> assuming someone isn't messing with you, to track a user's path through a
> site, etc., but beyond that is pretty much worthless.
>
> > NO one, not even a single person claimed that they have experienced any
> > problem after implementing this change, except for the owner of the site.
> > I am webmaster for the site.
> > And now she is pushing to undo this change immediately because she is
> > constantly getting &error(bad_referrer) and unable to use this script and
> > we both know she is the only one experiencing this problem.
> >
>
> Sounds like it is bookmarked or she is typing it in directly, in
> which case there will be no referer (at least for most clients (browsers)).
>
> > Is there something wrong below? If yes, then why others are not getting
> > any bad referrer error.
> > If no, what could be the possible reasons that owner is the only person
> > getting bad referrer error?
> >
>
> What are you *really* trying to do? If you are trying to add a security
> mechanism to a set of scripts this is definitely NOT the way to do it.
>
> > TIA,
> > Sara.
> >
> > ------------------------------------------------------------
> >
> >
> > @referers = ('http://www.foo.com', 'http://foo.com');
> >
>
> The above is not scoped, which means you are still not using 'strict'
> and 'warnings' which you have been warned of.
>
> > sub check_url {
> > local($check_referer) = 0;
>
> This is a misuse of 'local'.
>
> >
> > if ($ENV{'HTTP_REFERER'}) {
> > foreach $referer (@referers) {
> > if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) {
> > $check_referer = 1;
> > last;
> > }
> > }
> > }
> > if ($check_referer != 1) { &error('bad_referer') }
> > }
> >
> >
> >
>
> http://danconia.org
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> <http://learn.perl.org/> <http://learn.perl.org/first-response>
>
>
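
The behaviour discussed in this thread, as an added example that is not part of the original messages: the posted check rewritten under `strict` and run over a few Referer values. The function names `check_posted` and `check_exact_host`, the stricter host comparison, and the sample header values are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# Allow-list from the post (foo.com is the post's placeholder domain).
my @referers = ('http://www.foo.com', 'http://foo.com');

# The posted logic with lexical variables: an unanchored, case-insensitive
# pattern match of each entry against the client-supplied Referer header.
sub check_posted {
    my ($header) = @_;
    return 0 unless $header;
    for my $allowed (@referers) {
        return 1 if $header =~ m|$allowed|i;
    }
    return 0;
}

# Hypothetical stricter variant: compare scheme and host exactly.
sub check_exact_host {
    my ($header) = @_;
    return 0 unless defined $header && $header =~ m{^(https?://[^/?#]+)}i;
    my $origin = lc $1;
    return (grep { $origin eq lc $_ } @referers) ? 1 : 0;
}

# Constructed sample values; in a CGI script the value is $ENV{'HTTP_REFERER'}.
my @cases = (
    [ 'link followed from the site',       'http://www.foo.com/form.html'    ],
    [ 'bookmark or typed URL (no header)', undef                             ],
    [ 'allowed name inside another host',  'http://foo.com.example.net/page' ],
);

for my $case (@cases) {
    my ($label, $header) = @$case;
    printf "%-36s posted=%d exact=%d\n",
        $label, check_posted($header), check_exact_host($header);
}
```

The second row is the site owner's symptom described in the reply. The first row is the result for any client that sends that header value, so neither function can serve as access control.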


