>I would like to make sure that it is only called from that computer (A).
>The environment variables give me the users IP address (no use) and I can
>get the referer URL. The Referer URL is probably what I want to check
>against. Is this correct? Fool proof?? Any other ideas?
by the time you get to the perl script, it's probably too late.
CGIs aren't very good for handling access restriction, because they only
get activated after the connection is established and a reasonably complex
series of actions has been performed by the httpd. it's a bit like
leaving a valuable item in a building with no fences or locks, but setting
a burglar alarm on top of it for protection. (or putting an alarm system
in your car, then parking it out on a street that's so far away you can't
hear it)
the httpd itself is much better at checking access restrictions, because it
has the opportunity to decide whether it will even bother accepting a
request before having to read any of the data it sends. and happily, the
access controls for a normal httpd are simple enough that no script can
compete with them.
whatcha need is an .htaccess file in computer (B), in the same directory as
the script which is called from (A). that file should read:
order=allow,deny
allow from [ the IP address of server (A) ]
deny from all
and that should do the trick.
you can actually use a lot more than just the IP of (A) in the 'allow'
directive.. machine/domain names, network addresses and netmasks, CIDR
blocks.. but for a single machine, i find a straight IP to be the most
secure option. in general, it's harder to spoof an IP address than a
domain name.
with that in place, the httpd will check the IP of the calling machine to
see if the request came from (A) before even launching the script.
mike stone <[EMAIL PROTECTED]> 'net geek..
been there, done that, have network, will travel.
____________________________________________________________________
--------------------------------------------------------------------
Join The Web Consultants Association : Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
If you lose the instructions All subscription/unsubscribing can be done
directly from our website for all our lists.
---------------------------------------------------------------------
