Sara wrote: > > > > bad guys can always create their own form > > I can't say how others do it but almost my every script starts with: > > if ($ENV{'HTTP_REFREER'} !~ /yourdomain.com/) { > exit; > } > > it helps eliminating of Bad Guys forms & shoving of data (no remote > postings allowed).
You do know that the Referer header can be trivially spoofed? -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>