Date: 09/13/00
- Next message: Nico Alberti: "[phplib] A different Perm scheme"
- Previous message: layne <email protected>: "RE: [phplib] RE: Still Cannot connect php3 with mysql ..."
- Next in thread: Jens Benecke: "Re: [phplib] Registering form variables"
- Reply: Jens Benecke: "Re: [phplib] Registering form variables"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> It may be a bit different but it is still possible to fake the web-server
> (all you need to do is create a new html page local and load it in your
> browser)
This is why multiple tests are necessary for form validation. An additional
test that helps here is to make sure that the HTTP_REFERER is a valid page
at your domain - if /form.html posts to form.php, then form.php would check
ereg('domain.tld/form.html', $HTTP_REFERER) as well as
$HTTP_POST_VARS[field_name].
Paranoia is a virtue.
Layne Weathers
Lead Programmer
Ifworld, Inc.
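
The two tests described in the message above, sketched for current PHP as an added example (not code from the original post or from phplib). `domain.tld` and `/form.html` come from the message; the field format rule, the function names and the sample requests are assumptions. The Referer is a header sent by the client, so it is only one of the tests.

```php
<?php
// Added example. Host and path are taken from the message; everything else is assumed.
const EXPECTED_HOST = 'domain.tld';
const EXPECTED_PATH = '/form.html';

// Test 1: the Referer must parse to exactly the expected host and path.
// A substring or regex match would also accept a URL that merely contains
// "domain.tld/form.html" in its query string, and an unescaped "." in a
// pattern matches any character.
function referer_is_form_page(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent: fail closed
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        && strtolower($parts['host']) === EXPECTED_HOST
        && $parts['path'] === EXPECTED_PATH;
}

// Test 2: the field is validated no matter where the request came from.
// Assumed rule: 1 to 64 letters, digits, spaces, "_", "." or "-".
function field_is_valid($value): bool
{
    return is_string($value)
        && preg_match('/\A[A-Za-z0-9 _.-]{1,64}\z/', $value) === 1;
}

function form_post_is_acceptable(array $server, array $post): bool
{
    return ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && referer_is_form_page($server['HTTP_REFERER'] ?? null)
        && field_is_valid($post['field_name'] ?? null);
}

// Constructed sample requests, not captured traffic.
$samples = [
    ['expected page', 'http://domain.tld/form.html', 'Layne'],
    ['name only in query string', 'http://other.example/?domain.tld/form.html', 'Layne'],
    ['no referer', null, 'Layne'],
    ['bad field value', 'http://domain.tld/form.html', "a\nb"],
];
foreach ($samples as [$label, $referer, $value]) {
    $server = ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => $referer];
    $ok = form_post_is_acceptable($server, ['field_name' => $value]);
    printf("%-26s %s\n", $label, $ok ? 'accept' : 'reject');
}
```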

