remember tho that the Referer header is easily faked, so is not really a viable security mechanism.
A better way is to use tokens/ hashes or similar, so that you know the request originated from a request on one of your pages (because you where able to create the hash using a known secret) http://blog.appenginefan.com/2008/07/matter-of-trust.html On 12 September 2010 21:04, Harshal <[email protected]> wrote: > May be you want to use HTTP Referer header. I am not entirely sure if its a > good idea to use GET to delete a record. May be you want to consider using > POST or if possible DELETE. > Thanks. > > On Sun, Sep 12, 2010 at 10:36 PM, Markanday Singh <[email protected]> > wrote: >> >> I am implementing GET handler for deleting a record from database, i >> want to restrict to my domain. >> i..e I don't want to execute the deletion if request is coming from >> some other domain or page, how to i do that??? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/google-appengine?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
