No, I don't know; can you please explain how it can be spoofed? I am interested in the details.
----- Original Message -----
From: "Bob Showalter" <[EMAIL PROTECTED]>
To: "'Sara'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, November 11, 2004 3:17 AM
Subject: RE: untainting data

> Sara wrote:
> >
> > > bad guys can always create their own form
> >
> > I can't say how others do it but almost my every script starts with:
> >
> > if ($ENV{'HTTP_REFERER'} !~ /yourdomain.com/) {
> >     exit;
> > }
> >
> > it helps eliminating of Bad Guys forms & shoving of data (no remote
> > postings allowed).
>
> You do know that the Referer header can be trivially spoofed?
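An added illustration, not code from anyone in this thread: a CGI script sees the Referer as $ENV{HTTP_REFERER}, a request header whose text is chosen by whatever client sends the request, so the sketch below runs the quoted check over constructed requests next to an allowlist untaint routine that does not depend on any header. The function names, the username field and the sample requests are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The check quoted in the thread, as a function over a CGI-style
# environment hash. It only tests text that arrived in the request.
sub referer_check_passes {
    my ($env) = @_;
    my $referer = defined $env->{HTTP_REFERER} ? $env->{HTTP_REFERER} : '';
    return $referer =~ /yourdomain.com/ ? 1 : 0;
}

# Server-side validation that ignores headers entirely: the value is
# returned only if it matches an allowlist pattern. Taking the value
# from a regex capture is also how taint mode (-T) untaints data.
sub untaint_username {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# Constructed sample requests (hypothetical field and values).
my @requests = (
    { label    => 'site form, valid data',
      env      => { HTTP_REFERER => 'http://yourdomain.com/form.html' },
      username => 'sara_01' },
    { label    => 'client-set header, invalid data',
      env      => { HTTP_REFERER => 'http://yourdomain.com/form.html' },
      username => 'name; echo injected' },
    { label    => 'header removed in transit, valid data',
      env      => {},
      username => 'bob' },
);

for my $r (@requests) {
    my $clean = untaint_username($r->{username});
    printf "%-38s referer: %-7s username: %s\n",
        $r->{label},
        referer_check_passes($r->{env}) ? 'pass' : 'reject',
        defined $clean ? "accepted ($clean)" : 'rejected';
}
```

The second request passes the Referer check with invalid data and the third fails it with valid data; only the allowlist decides correctly in both cases.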