Hello list, I have a php program which executes a heavy mysql query upon request. Normally, it should not be requested too often, but I am afraid malicious user trying to massively call this program. I am considering to use $HTTP_REFERER to restrict the connection source, but is it worth trusting? Is it possible for a hacker to make an identical $HTT_REFERER in the header? I have no idea how $HTTP_REFERER is made, is it made from the http client and put in the http header?
If I can't trust $HTTP_REFERER, how can I deny malicious attack like that? -- Patrick Hsieh <[EMAIL PROTECTED]> GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php