On Mon, 2006-02-06 at 22:28 -0600, David Gilden wrote:
> Just wanted to hear opinions on how effective this is, as a way of preventing
> email relaying and stopping unauthorized use of my script.

> This is from a script that connects a <form> page to sendmail....
> my $referer = referer; # what page called the script, check the domain
> exit if $referer !~ /www\.mydomain\.com/i;

> If somebody from a foreign domain tries to invoke my script it should exit
> without a trace.
> Yes?

If you mean X puts up a form on another site with the action pointing
towards your form handler, and visitor Y to that site submits that form,
then yes ... providing that X didn't put the form in a directory called
www.mydomain.com.

It will also block legitimate users of your site as the referer header
is (a) optional (b) sometimes munged in the name of privacy (although in
violation of the HTTP spec - probably due to laziness in that
overwriting the referer header with junk means that the software doesn't
need to recalculate the content-length).

If you are trying to stop spammers from using the form handler to send
many messages, then no. Forging a referer header is trivial.

-- 
David Dorward                           <http://dorward.me.uk/>
"Anybody remotely interesting is mad, in some way or another."
                             -- The Greatest Show in the Galaxy
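
The cases raised in this reply, run against the quoted check, as an added example that is not code from the thread. The helper names substring_check and host_check and all sample Referer values are hypothetical and constructed for illustration:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: the check from the quoted script, as a function.
# It accepts any Referer that contains the domain anywhere in the string.
sub substring_check {
    my ($referer) = @_;
    return 0 unless defined $referer;
    return $referer =~ /www\.mydomain\.com/i ? 1 : 0;
}

# Hypothetical stricter variant: extract the host part of the URL
# (skipping any userinfo before '@') and compare it exactly.
sub host_check {
    my ($referer) = @_;
    return 0 unless defined $referer;
    my ($host) = $referer =~
        m{^https?://(?:[^/?#@]*@)?([^/:?#@]+)(?::\d+)?(?:[/?#]|$)}i;
    return (defined $host && lc $host eq 'www.mydomain.com') ? 1 : 0;
}

# Constructed sample Referer values (not taken from real traffic).
my @samples = (
    [ 'form on the real site',      'http://www.mydomain.com/contact.html' ],
    [ 'domain used as a directory', 'http://other.example/www.mydomain.com/form.html' ],
    [ 'header absent',              undef ],
    [ 'header replaced with junk',  'XXXXXXXXXXXXXXXX' ],
);

printf "%-28s %-10s %s\n", 'case', 'substring', 'host';
for my $s (@samples) {
    my ($label, $referer) = @$s;
    printf "%-28s %-10s %s\n", $label,
        substring_check($referer) ? 'accept' : 'reject',
        host_check($referer)      ? 'accept' : 'reject';
}
```

Comparing the host closes the directory-name case, but both variants still reject visitors whose Referer is absent or munged, and neither authenticates the sender because the header is supplied by the client.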
