Loading ...
Sorry, an error occurred while loading the content.

$ENV('HTTP_REFERER')

Expand Messages
  • paul_lav
    I want to validate forms that submit to my perl scripts. The code below will do it but will it work in ever browser? if($ENV{ HTTP_REFERER } =~
    Message 1 of 2 , Mar 23, 2002
    • 0 Attachment
      I want to validate forms that submit to my perl scripts. The code
      below will do it but will it work in ever browser?

      if($ENV{'HTTP_REFERER'} =~ /$ENV{'HTTP_HOST'}/) {

      bla bla

      }

      Thanks.
      Paul
    • vimdango
      The standard is to also allow an empty referer just in case. You could also implement sessions: form.cgi: spits out form and encrypted session ID. script.cgi:
      Message 2 of 2 , Mar 27, 2002
      • 0 Attachment
        The standard is to also allow an empty referer just in case.

        You could also implement sessions:

        form.cgi: spits out form and encrypted session ID.
        script.cgi: validates sessionID, processes form.

        Both methods can be circumvented with the right script.
        To really tighten it up you'd need to use dynamic images in your
        forms and have the user type in the random string. Then you'd allow
        or deny a session. This is probably going overboard in most cases,
        but if it's a highly sensitive issue...

        Hope that helps some,
        Glen

        --
        cybersalad.net: A substance almost,
        but not quite utterle unlike salad.
      Your message has been successfully submitted and would be delivered to recipients shortly.