Re: PHP Passing Variables Between Pages and Security — PHP Programming Language

You are here: Re: PHP Passing Variables Between Pages and Security « PHP Programming Language « IT news, forums, messages

Posted by Gordon Burditt on 02/11/06 01:59

>can a script like this be modified to *know* that the form is being
>sent from one's own site?

A form submission is sent from a BROWSER, not a server. If you
can't trust the browser, you can't be sure where the form came from
(REFERER might work, although it's trivially spoofed and
often removed by proxies).

Is it possible to make a vest that will protect me against
everything but my own gun? Maybe, but I'd think you're better
off protecting yourself against guns regardless of whether
it's your stolen gun or not. People can put crap data
into your form easily.

Gordon L. Burditt

Navigation:

Next in forum: Re: PHP Passing Variables Between Pages and Security
Prev in forum: Re: PHP Passing Variables Between Pages and Security
Thread view: Re: PHP Passing Variables Between Pages and Security

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация