Re: Re: Javascript redundant code...

by "Paul Roberts" <roberts_paul(at)bigfoot.com>

 Date:  Wed, 23 May 2001 20:22:23 +0100
 To:  "JOSE ADRIANO BALTIERI" <JABALTIE(at)iep-cen.unimep.br>,
<hwg-languages(at)hwg.org>,
"Peter-Paul Koch" <gassinaumasis(at)hotmail.com>
Of course you can always fake the referrer.

The only sure way is to check it on the server and un-taint your data;
relying on JavaScript is asking for trouble, compared to the amount of time
taken to do a check on the server.

In fact you can fake anything, if you want to.

Paul Roberts

roberts_paul(at)bigfoot.com
+++++++++++++++++++++
----- Original Message -----
From: "JOSE ADRIANO BALTIERI" <JABALTIE(at)iep-cen.unimep.br>
To: <hwg-languages(at)hwg.org>; "Peter-Paul Koch" <gassinaumasis(at)hotmail.com>
Sent: Wednesday, May 23, 2001 7:26 PM
Subject: Re: Javascript redundant code...


| On 23 May 01 at 15:17, gassinaumasis(at)hotmail.com wrote:
|
| > At the very end of your script, set a hidden field with a value like
| > 'JavaScript checked'. When this value comes to the server, you are certain
| > that the script has been completed and that no errors were found.
| >
|   OK. It would be better to generate something random. No problem.
|
| > Note that this does not prevent people from copying your forms and using
| > them. To avoid this, simply check the referrer in the CGI script. If it
| > doesn't come from a trusted domain, discard the input.
|
|   I'm more than amazed. Never thought it could be so simple!
|   In fact, if I save the page and submit it again from c:\something, the
| referer will be blank. When it comes from my site, it comes with the complete URL.
|
|   Guess I should require that the referer be myself, I mean, my own site.
|
|   But I'm still holding back from believing that it is as simple as that...
|
|   ThanXs!
|
| > ppk
| >
|
|                                 Obrigado/Thanks a lot,
|
|                                 Jose Adriano Baltieri
|                                 Systems Analyst
|                                 CPD - CENTRO
|                                 UNIMEP - Universidade Metodista de Piracicaba
|                                 PIRACICABA - SP - BRASIL
|                                 Phone : 055 0 XX 19 430-1858 (English spoken)
|                                 Fax   : 055 0 XX 19 430-1898 (PO Box 42778)
|
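Paul's point in the reply above, as an added example that is not code from either poster: a server-side form handler that treats the Referer header and ppk's hidden 'JavaScript checked' field as client-supplied hints only, and does the real un-tainting itself. The site URL, field names, validation rules and the constructed request are all assumptions.

```python
import re

TRUSTED_REFERER = "https://www.example.com/"      # assumed site URL, placeholder
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def client_side_checks_pass(headers, form):
    """ppk's suggestion: Referer from our own site and the hidden field set.
    Both values are chosen by the client, so they prove nothing about what ran."""
    return (headers.get("Referer", "").startswith(TRUSTED_REFERER)
            and form.get("jscheck") == "JavaScript checked")

def untaint(form):
    """Server-side validation, the only check a client cannot skip.
    Returns (clean_data, list_of_bad_field_names)."""
    clean, errors = {}, []
    name = form.get("name", "").strip()
    if 1 <= len(name) <= 60 and re.fullmatch(r"[A-Za-z .'-]+", name):
        clean["name"] = name
    else:
        errors.append("name")
    email = form.get("email", "").strip()
    if EMAIL_RE.match(email) and len(email) <= 254:
        clean["email"] = email
    else:
        errors.append("email")
    qty = form.get("qty", "")
    if qty.isdigit() and 1 <= int(qty) <= 100:
        clean["qty"] = int(qty)
    else:
        errors.append("qty")
    return clean, errors

def handle(request):
    """Decide on a request dict of the form {'headers': {...}, 'form': {...}}."""
    looked_legit = client_side_checks_pass(request["headers"], request["form"])
    clean, errors = untaint(request["form"])
    return {"looked_legit": looked_legit, "accepted": not errors,
            "errors": errors, "data": clean}

# Constructed sample: headers and hidden field look exactly like a submission
# from our own page, but the real fields never went through the script.
FORGED_REQUEST = {
    "headers": {"Referer": "https://www.example.com/order.html"},
    "form": {"jscheck": "JavaScript checked", "name": "<script>x</script>",
             "email": "not-an-email", "qty": "-5"},
}
```

The forged request passes the referer and hidden-field test yet is rejected by `untaint`, which is the check that actually matters.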

HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA