At 04:10 PM 3/5/2004, Alan Shutko wrote:
Checking against hostname has never been exceptionally secure. You realize that someone could just send a different referer header?
Alan, I'm working on a rewrite now and am concerned with properly doing things. Could you please advise on how to best prevent this type of exploit, given that a check of referer against a hard-coded hostname is not so good?
Thanks in advance. Marty Landman Face 2 Interface Inc. 845-679-9387 FormATable DB: http://face2interface.com/Products/FormATable.shtml Make a Website: http://face2interface.com/Home/Demo.shtmlFree Formmailer: http://face2interface.com/Products/Formal.shtml