Hello list,

I have a php program which executes a heavy mysql query upon request.
Normally, it should not be requested too often, but I am afraid
malicious user trying to massively call this program.  I am considering
to use $HTTP_REFERER to restrict the connection source, but is it worth
trusting? Is it possible for a hacker to make an identical $HTT_REFERER
in the header? I have no idea how $HTTP_REFERER is made, is it made from
the http client and put in the http header?

If I can't trust $HTTP_REFERER, how can I deny malicious attack like

Patrick Hsieh <[EMAIL PROTECTED]>
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to