>First, not a perl issue.
Yes, Peter, I know... it's just that this is a Perl CGI program so I
thought I'd address Perl experts. I access environment variables in Cold
Fusion all the time and send myself little emails with reports about who's
using what and from where.
>The referer can be spoofed; it's not foolproof.
This is what I was after. I'm aware of all the environment variables but I
wasn't sure what I could rely on to provide some semblance of security for
the script. If you could send me a private email outlining the general
method that the spoofing is done by I would then be more aware of what to
look out for and guard against. I don't need hacker lessons, just need to be
made more aware.
I see from Brent's reply that Matt uses HTTP_REFERER to limit those using
his scripts. Thanks Brent. (I'm still three weeks behind in WC email...
gained a week yesterday ;)
Thanks Javilk as your script managed to also extract the name and other
info about the proxy server the Uni runs as well as my info and your info.
And thanks Urb for the suggestion of passing on authentication info (which
I have already gleaned before they can use the form) to the actual Perl
script... this would be the safest technique I think, though as this
password is their "key" to everything at the Uni and as it was first
entered under an SSL environment would I now be passing it around in clear
(or UUencoded) text?
thanks again
Bruce
____________________________________________________________________
Join The Web Consultants Association : Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
---------------------------------------------------------------------