AraDaen wrote:
Im looking for info about a secure alternative to the use of
$_server['http_refere'] to check in a script from where are arriving
$_post vars.
You could put a hash value into a hidden field on the form, and also
store it in the session. When the form is submitted only accept it if
the hashes match.
However, this is very easy to get around, so I suggest you consider why
you think you need this level of checking. Assuming you're properly
validating and escaping all input coming from outside the app, IMHO this
type of "security" should not be needed.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
