Posted by Jasen Betts on 02/11/06 10:10

On 2006-02-10, Skeets <skillet3232@yahoo.com> wrote:
> probably the single worst case scenario is that a bunch of 13 year old
> script kiddies laugh about you being pwn3d by them - and this can last
> a while, too. -lol-
>
> seriously, i think someone else answered your question, but i had to
> get that in there, b/c it does happen.
>

> can a script like this be modified to *know* that the form is being
> sent from one's own site?

no.

> if(!eregi('domain.com',$host[Referer])){

referer is easy to spoof.



--

Bye.
Jasen

• Next in forum: Re: How can I experiment with php on my pc?
• Prev in forum: XMLHttpRequest not posting data to php
• Thread view: Re: PHP Passing Variables Between Pages and Security

[Reply to this message]