Hi Thomas, >> are the server-side vars generated by the server or only echoed vars >> which where provided by the browser?? >> specially REQUEST_URI is of interest for me for security purposes in >> scripts, so is it generated from Apache self or can it be faked by the >> client?
> In 1.3 it looks like it's set from the original request, but to be able > to fake it they can't call your script (right?) f.e. I have a perl mailscript which should only accept formdata from a form which was served by my host, so I want to check in the script if REQUEST_URI is from my own host or probably comes from a locally stored and modified form... so any other ideas what I can check to be 100% sure that the form was served by my server? Guenter.