On 3/29/07, cajbecu <cajbecu@xxxxxxxxx> wrote:
>
> <?
> if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
> // This is a safe POST
> } elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
> die("Illegal access. Your IP has been logged.\n");
> }
> ?>
>
it is not safe. i can use curl (www.php.net/curl) and modify the referer
of my script to pass this security check. i advise you to add image code
to the form and check that in your script. that will stop the attackers
insert lot of data in your database.
You need a really good code to make it really secure :)
I've discussed the problems with using image code (CAPTCHA) in another
post on this list. So then you would create a script of 100+ lines to
do it :)
And even then, some smart programmers are probably going to find a way
to read your image code :)
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
