I've been using HTTP_REFERER as a check to make sure that certain scripts are only run from certain other scripts. I've only used it in low impact or otherwise secured areas, but I need an alternative that I can use in public facing scripts. What options are there to make sure that a script cannot be run from unauthorized places?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
alternative to HTTP_REFERER
- Thread starter mufka
- Start date
DonQuichote
Programmer
- Nov 9, 2001
- 980
Let me elaborate on that. If you want a specific order in your pages (such as start with a login page), sessions are the way to go. But if you want to block a country for instance, there is no really reliable way to do that.
+++ Despite being wrong in every important aspect, that is a very good analogy +++
Hex (in Darwin's Watch)
+++ Despite being wrong in every important aspect, that is a very good analogy +++
Hex (in Darwin's Watch)
MichealC4
Programmer
- Jun 26, 2003
- 457
You might want to look in to form tokens, as they are often used in conjunction with sessions to keep CSRF risks down. Think of it as an OTP for forms.
----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
- Status
Similar threads