[PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Patrick Hsieh
Hello list, I have a PHP program which executes a heavy MySQL query upon request. Normally, it should not be requested too often, but I am afraid of malicious users trying to massively call this program. I am considering using $HTTP_REFERER to restrict the connection source, but is it worth

RE: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Craig Vincent
I have a PHP program which executes a heavy MySQL query upon request. Normally, it should not be requested too often, but I am afraid of malicious users trying to massively call this program. I am considering using $HTTP_REFERER to restrict the connection source, but is it worth trusting? Is

Re: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Dan Hardiker
Is it possible for a hacker to make an identical $HTT_REFERER in the header? I have no idea how $HTTP_REFERER is made, is it made from the http client and put in the http header? That's exactly how it's done. The user agent (browser) takes the URL it was on when a link was clicked / form

RE: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Dan Hardiker
Craig Vincent wrote: The best thing you can do is temporarily record the IPs of connections to your script, and then block IPs that connect to the script too often directly from your routing table. It doesn't necessarily stop those using proxies but definitely is more reliable than an

Re: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Patrick Hsieh
Hello Dan Hardiker [EMAIL PROTECTED], Then, it is not safe to do IP-based blocking, right? Any alternative? On Thu, 16 May 2002 10:10:44 +0100 (BST) Dan Hardiker [EMAIL PROTECTED] wrote: Craig Vincent wrote: The best thing you can do is temporarily record the IPs of connections to your

Re: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Dan Hardiker
Then, it is not safe to do IP-based blocking, right? Any alternative? As I mentioned in an earlier post (my original reply to you): If I can't trust $HTTP_REFERER, how can I deny a malicious attack like that? The best way is authentication... that is asking the user for a username and