Sara wrote:
> > > > bad guys can always create their own form
>
> I can't say how others do it but almost my every script starts with:
>
> if ($ENV{'HTTP_REFREER'} !~ /yourdomain.com/) {
> exit;
> }
>
> it helps eliminating of Bad Guys forms & shoving of data (no remote
> postings allowed).
You do know that the Referer header can be trivially spoofed?
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
