--- Terence <[EMAIL PROTECTED]> wrote:
> To avoid malicious users creating their own forms and posting to my
> site, is it advisable to use the $_SERVER['HTTP_REFERRER'] to ensure
> that posted forms only come from the intended source? Anyone out there
> using this?

Hopefully not. :-)

Referer is just as easy to spoof as the form data you're expecting.

What you're wanting to do is prevent spoofed form submissions, and New
York PHP has a nice resource that I encourage you to read:

http://phundamentals.nyphp.org/PH_spoofed_submission.php

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming Fall 2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
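
The point in the reply above, that Referer is as easy to spoof as the form data, shown as an added example that is not part of the original thread or of the linked article. It assumes a per-session form token as the alternative check (the thread itself does not name a technique); the function names, the `form_token` field and the example.org URL are hypothetical, and the requests are constructed sample data.

```php
<?php
// Added example, not from the original thread. Function names, the
// 'form_token' field and the example.org URL are hypothetical.

// Weak check: trusts a request header whose value the client chooses.
function referer_ok(array $server, string $expectedPrefix): bool
{
    $referer = $server['HTTP_REFERER'] ?? '';
    return strncmp($referer, $expectedPrefix, strlen($expectedPrefix)) === 0;
}

// Issue a random token, remember it server-side, and embed it in the form.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Accept a POST only if it carries the token stored for this session.
function token_ok(array $session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    $given    = $post['form_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Constructed requests (sample data, not captured traffic).
$session = [];                       // stands in for $_SESSION
$token   = issue_form_token($session);

$genuine = [
    'server' => ['HTTP_REFERER' => 'https://example.org/contact.php'],
    'post'   => ['message' => 'hi', 'form_token' => $token],
];
// A form built elsewhere and posted without loading the site's form in this
// session: the sender sets the Referer header itself, so the header check
// passes, but the request carries no matching token.
$foreign = [
    'server' => ['HTTP_REFERER' => 'https://example.org/contact.php'],
    'post'   => ['message' => 'hi'],
];

foreach (['genuine' => $genuine, 'foreign' => $foreign] as $name => $req) {
    printf("%-8s referer_ok=%s token_ok=%s\n", $name,
        var_export(referer_ok($req['server'], 'https://example.org/'), true),
        var_export(token_ok($session, $req['post']), true));
}
```

The token only shows that the request followed a form served in the same session; every submitted field still has to be validated on the server.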
