virtual domain name and relative URLs

by Charlotte Gardner <vgardner(at)mindspring.com>

 Date:  Mon, 28 Feb 2000 11:38:35 -0500
 To:  hwg-servers(at)hwg.org
Hello all,

I manage the website for the local chapter of a non-profit 
organization. Lately, I've been talking with the organization's 
sysadmin about security violations. Here's the scenario:

The sysadmin recently enabled virtual domain names for
us chapter webmasters to use. So, instead of: 

http://www.myorg.com/chapters/mystate/mygroup/

I can now use:

http://mystate.myorg.com/mygroup/

Our chapter decided to use the virtual domain name as it is 
much easier for the chapter members to remember and spell 
correctly.  However, I found out that when we called up the 
online membership form with this address, it broke the link 
to the form-handling script. In other words, the form's
"ACTION = /cgi-bin/FormHandler.asp" no longer worked.

The sysadmin said to use the absolute URL instead: 

http://www.myorg.com/cgi-bin/FormHandler.asp

This worked, but I discovered that it introduced a security hole. Anyone 
could potentially install a copy of the form in their web account and run 
messages through the myorg.com email server. We've since plugged the 
hole by adding code to the FormHandler script to check the 
HTTP_REFERER value.

However, I began to wonder if, in general, using the absolute URL is 
the best solution. Earlier, the sysadmin mentioned using this method 
in other scripts and I'm concerned that other security holes will open up.

So my question is, is there a way for the sysadmin to configure the
server so that we webmasters can use relative URLs and virtual domain 
names together? 

TIA,
Charlotte Gardner
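
An added example, not part of the original message and not the organization's FormHandler.asp: a Python version of the HTTP_REFERER check described above, accepting the form from either the www host or the virtual domain name. The allowed host list, the `form_id` and `to` fields and the recipient address are assumptions made for illustration; because the Referer header is supplied by the client, the recipient is looked up server-side rather than taken from the posted form.

```python
from urllib.parse import urlsplit

# Assumption: the host names that legitimately serve the membership form.
ALLOWED_FORM_HOSTS = {"www.myorg.com", "mystate.myorg.com"}

# Assumption: recipients are keyed by a form id and stored on the server.
RECIPIENTS = {"membership": "membership@myorg.com"}  # constructed address


def referer_host_allowed(referer, allowed=ALLOWED_FORM_HOSTS):
    """True only if the Referer names exactly one of the allowed hosts."""
    if not referer:
        return False  # header absent (stripped by a proxy, or never sent)
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname  # drops any userinfo and port, lowercases
    except ValueError:
        return False  # malformed URL
    if parts.scheme not in ("http", "https") or host is None:
        return False
    # Exact match only: a substring or suffix test would accept look-alikes
    # such as www.myorg.com.other.example.
    return host.rstrip(".") in allowed


def handle_submission(headers, form):
    """Return (status, recipient) for one POST to the form handler."""
    if not referer_host_allowed(headers.get("Referer")):
        return 403, None
    # The recipient comes from the server-side table. A "to" field in the
    # posted form (hypothetical) is ignored, so a copied form cannot
    # redirect mail even when the Referer value is forged.
    recipient = RECIPIENTS.get(form.get("form_id"))
    if recipient is None:
        return 400, None
    return 200, recipient


if __name__ == "__main__":
    # Constructed sample requests.
    good = {"Referer": "http://mystate.myorg.com/mygroup/join.html"}
    copied = {"Referer": "http://www.myorg.com.other.example/join.html"}
    form = {"form_id": "membership", "to": "someone@other.example"}
    print(handle_submission(good, form))
    print(handle_submission(copied, form))
```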

HWG: hwg-servers mailing list archives, maintained by Webmasters @ IWA