Correct me if I'm wrong, but isn't it possible to fake the referrer?  

This may not matter for your application -- are you writing a financial app
or a personal portfolio? -- but if you really need to authenticate the
source of data that comes from some other IP address (as is the case with a
web browser) then you're into PGP keys and signed certificates.


At 11:18 PM 4/3/2001 -0700, Dallas K. wrote:
>If you want to check where your submit is coming from, then you need to
>check the REFERER url..... do so by using the global $HTTP_REFERER
>variable.
>
>
>global $HTTP_REFERER;
>
>if($HTTP_REFERER == "YOUR_FORM_PAGE_HERE")
>{
>    //PROCESS CODE.
>}
>else
>{
>    echo"Your a hacker, so BITE ME!!!";
>}
>
>
>
>
>----- Original Message -----
>From: "Plutarck" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, April 03, 2001 7:58 PM
>Subject: [PHP] Sneaky solution
>
>
>> > How do you check to make sure that any
>> > form submissions originate from your site?
>>
>> You basically can't.
>>
>> ...well that was easy ;)
>>
>>
>> All you can do is assume that every single piece of data sent from the
>> client is an attempt to screw up your application. After stripping
>> non-valid characters and using strlen to ensure the data is of a valid
>> size, there isn't much you can do. But if you know ahead of time that the
>> date should _NOT_ be 1998, just encode such a validator.
>>
>>
>> But if you want to be really sneaky, make something like this:
>>
>> value1=vally|val2=vooly
>>
>> Then run it through some encryption feature or a home-brewed scrambler,
>> and make the whole thing one single "hidden" value.
>>
>> In your script you decode it, split it apart into proper variables, and
>> continue along as normal.
>>
>>
>> Still not foolproof, but I use it when I have no other better method. And
>> it basically thwarts 99% of casual tinkerers, and an equal amount of
>> script kiddies, and it allows you to be really creative in your data
>> validation, plus you can screw with people's heads...which of course is
>> the most important function ;)
>>
>>
>>
>> --
>> Plutarck
>> Should be working on something...
>> ...but forgot what it was.
>>
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>>

............................................................................
Les Neste  678-778-0382  http://www.lesneste.com

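The thread's two ideas, "you can't trust the referer" and "sign or scramble a hidden value", converge on a keyed form token; the following is an added example written for this page, not code from any poster. It assumes PHP 7+ (hash_hmac, hash_equals, random_bytes), a server-side secret loaded from configuration, and the current session id from PHP's session handling; the session id and secret below are constructed stand-ins.

```php
<?php
// Added example: a keyed-hash hidden form token instead of a referer check
// or a home-brewed scrambler. The server alone holds $secret, so a client
// cannot forge a token even though it can set any Referer header it likes.
declare(strict_types=1);

// Build a token that binds the hidden field to the form name, the user's
// session and an expiry time. The MAC covers the whole payload.
function form_token(string $secret, string $formId, string $sessionId, int $expires): string
{
    $payload = base64_encode(json_encode([
        'form' => $formId, 'sid' => $sessionId, 'exp' => $expires,
    ]));
    $mac = hash_hmac('sha256', $payload, $secret);
    return $payload . '.' . $mac;   // '.' never appears in base64 or hex
}

// Accept a submission only if the MAC verifies (constant-time compare),
// the token was issued for this form and this session, and it is unexpired.
function verify_form_token(string $secret, string $token, string $formId, string $sessionId, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $payload, $secret);
    if (!hash_equals($expected, $mac)) {   // hash_equals avoids timing leaks
        return false;
    }
    $data = json_decode(base64_decode($payload, true) ?: '', true);
    return is_array($data)
        && ($data['form'] ?? null) === $formId
        && ($data['sid'] ?? null) === $sessionId
        && ($data['exp'] ?? 0) > $now;
}

// Demonstration with constructed values (in practice: $secret from config,
// $sessionId from session_id()).
$secret    = bin2hex(random_bytes(32));
$sessionId = 'constructed-session-id';
$token     = form_token($secret, 'contact', $sessionId, time() + 600);
echo '<input type="hidden" name="token" value="' . htmlspecialchars($token) . '">', "\n";

var_dump(verify_form_token($secret, $token, 'contact', $sessionId, time()));        // genuine submission
var_dump(verify_form_token($secret, $token, 'login', $sessionId, time()));          // token issued for another form
var_dump(verify_form_token($secret, $token . 'x', 'contact', $sessionId, time()));  // tampered token
var_dump(verify_form_token($secret, $token, 'contact', 'other-session', time()));   // replayed in another session
```

Note that this authenticates that the form was issued by your server to this session, which is what the original question asked for; it still says nothing about whether the field values themselves are sane, so the input validation Plutarck describes remains necessary.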