|
-
Apr 28th, 2001, 03:12 PM
#1
Thread Starter
Addicted Member
Process only scripts submitted from same server
Hi all,
How is it possible to check that ASPs script process only stuff that originates from the same server. For example I do not want users copying a form page then editing it on their own computer and then submitting to my script.
The way I have come up with is something like this:
http_refer=request.serverVariables("http_referer")
'hostname is cut out from full path using string functions
if http_refer<>"www.whatever.com" then response.write("not equal")
Is there a better way of doing this?
Thanks,
Alex
ASP, SQL, VB6, Java Script and dubious guitar playing skills.
-
Apr 30th, 2001, 06:30 AM
#2
Black Cat
if they are smart enough to modify the form then I'd assume they are smart enough to fake the HTTP_REFERER. You probably could use Session variables to keep track instead, but be safe and make sure you have good input validation.
Josh
Get these: Mozilla Opera OpenBSD
I have books for sale: "MCSD in a Nutshell" and "VB Distributed Exam Cram" - PM me for details. Will also trade for a decent ATX Pentium 2 MB/CPU/RAM combo.
-
Apr 30th, 2001, 07:02 AM
#3
Thread Starter
Addicted Member
Yeah good point. I guess ideally all validation would be done server side then it docent matter what the submitted form contains.
Alex
ASP, SQL, VB6, Java Script and dubious guitar playing skills.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote