Reply to Re: [PHP] Referer checking is able to be referer spoofed

Your name:

Reply:


Posted by Marek Kilimajer on 03/26/05 21:31

Dan Rossi wrote:
>
> On 20/03/2005, at 5:40 AM, Marek Kilimajer wrote:
>
>>
>> If you need only hotlink protection then the current referer checking
>> is just enough. Most users will not install referer spoofing software.
>>
>> But if you need to be 100% sure the videos are streamed through
>> affiliate server, you can use tokens - a script at the affiliate
>> server will request a token from the streaming server (with
>> username/password/clip id etc.). This token will be sent with the link
>> to the streaming server. Hope this is clear.
>>
>>
>
>
> Hi there sorry to return back to this, but we are somehow needing to
> create a token url that will be generated on the customer's webpage
> before the link is redirected to an access script of our clients video
> feeds site. What would be the most safest credentials to use to create a
> token with and how could the access script decrypt this information to
> validate access ? Let me know if this is too vague of a question thanks.
>

You can create tokens using uniqid() function. Save the token in the
database together with create time, so you can expire it. Then in the
access script check if the token is in the database and it has not expired.

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация