Kind of thought so.
The linking site is a large institutional site that I'm sure will not
allow me that kind of access.
The only thing I can put on it is a link; might be able to put up a
form with a hidden variable, but I doubt it.
Thanks for the idea.
steve
On Sep 30, 2008, at 12:37 PM, David Precious wrote:
steve miller wrote:
I am building a site for our school that handles signups for trips
and such, and we want it to be accessible only from within another
site that has a secure login. In other words, we don't want it
accessible from search engine links or direct urls. The other site
(edline.com) is not owned by us so I can't access user info, but
we can place links on it.
I was thinking of looking for the correct http_referer coming in,
but I've been told some browsers and/or firewalls might block it
from being passed. Any thoughts on how else to confirm the link
came in from the right place?
You can't rely on it being passed to you, and you also can't rely
on it being correct; it's trivial to spoof.
There's not much in the way of secure methods to validate it that I
can think of that wouldn't require the co-operation of the other site.
With enough access to the other site to place server-side scripts
on it, you could probably come up with something that redirects the
user to your site, along with a "token" calculated by, say, the
user's IP along with a secret key known by both sites - your new
site could then validate that the token looks correct, and start a
session indicating that the user is valid.
____ The WDVL Discussion List from WDVL.COM ____
To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] or
use the web interface http://e-newsletters.internet.com/discussionlists.html/
Send Your Posts To: wdvltalk@lists.wdvl.com
To change subscription settings, add a password or view the web interface:
http://intm-dl.sparklist.com/read/?forum=wdvltalk
________________ http://www.wdvl.com _______________________
You are currently subscribed to wdvltalk as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.