I don't think that would work if two or more clients are on a shared host, 
which several are. That's the general concept though, so you're pretty much 
right on the money. If I could generate that key based on the domain name being 
passed to my server using AJAX and then send that to the iframe src, that'd be 
perfect.


> On Tuesday 29 Jul 2008, Bret McDermitt wrote:
> > Any other ideas?
> 
> Well, generally, you wouldn't use something totally under the control
> of an attacker...
> You could require the framing site passes a token into your application
> for instance, and make sure no 2 IP addresses use the same token.
> 
> -- 
> Tom Chiverton


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309881