On Mon, 2002-07-01 at 15:08, Michiel Meeuwissen wrote:
> Eduard Witteveen <[EMAIL PROTECTED]> wrote:
> > Is looking at the referring page also an option?

What goal are we trying to reach? If we do want to prevent user input (param name + value), then not sending parameters at all is a much better approach. But if we really want user input, the best we can do is checking the input (SQL escape or min/max values in the mm:import tag?). Can we do more?

A cracker that is not brain dead will use the Perl UA package and will have control over everything from cookies to referers.

>
> How? I think the Referer header is not mandatory.
>
> > And what about encrypting the whole parameter line? (can this be done..?)
>
> I think that this is meant?
>
> Michiel
>
> --
> Michiel Meeuwissen
> Mediapark, C 107 tel. +31 (0)35 6772979
