Jump to content

Archived

This topic is now archived and is closed to further replies.

448191

Verify sender of $_POST

Recommended Posts

Anyone know of a way I haven't thought of to verify the sender of $_POST data to be local script?

Something that can't (or is very hard to ) be spoofed?

I don't see any way, but I might be overlooking something, so I thought I'd try...

Share this post


Link to post
Share on other sites
If it's local, don't use $_POST.

There will be recommendations for $_SERVER['HTTP_REFERER'] and/or $_SERVER['REMOTE_ADDR'] but they are [b]very[/b] unreliable.

Share this post


Link to post
Share on other sites
[quote author=Jenk link=topic=107326.msg430400#msg430400 date=1157706231]
There will be recommendations for $_SERVER['HTTP_REFERER'] and/or $_SERVER['REMOTE_ADDR'] but they are [b]very[/b] unreliable.
[/quote]

No there won't, because I said 'hard to spoof' and everybody knows those are easy to spoof.

[quote author=Jenk link=topic=107326.msg430400#msg430400 date=1157706231]
If it's local, don't use $_POST.
[/quote]

I'm sorry I wasn't very clear. I wanted something like HTTP_REFERER but more reliable. I was going to use it to verify that the sending of data was provoked by my own application, but now that I think of it there are probably better ways to do that. In short: never mind.

Share this post


Link to post
Share on other sites
[quote author=448191 link=topic=107326.msg430491#msg430491 date=1157717619]
... but now that I think of it there are probably better ways to do that.
[/quote]

Care to share?

Share this post


Link to post
Share on other sites
[quote author=448191 link=topic=107326.msg430491#msg430491 date=1157717619]
[quote author=Jenk link=topic=107326.msg430400#msg430400 date=1157706231]
There will be recommendations for $_SERVER['HTTP_REFERER'] and/or $_SERVER['REMOTE_ADDR'] but they are [b]very[/b] unreliable.
[/quote]

No there won't, because I said 'hard to spoof' and everybody knows those are easy to spoof.
[/quote]Ha, you've been here longer than I have, yet you say that.[quote]
[quote author=Jenk link=topic=107326.msg430400#msg430400 date=1157706231]
If it's local, don't use $_POST.
[/quote]

I'm sorry I wasn't very clear. I wanted something like HTTP_REFERER but more reliable. I was going to use it to verify that the sending of data was provoked by my own application, but now that I think of it there are probably better ways to do that. In short: never mind.
[/quote]Still stands.. you own application is instigating the POST data.. so why use POST in the first place? Use SESSION or better yet a database table.

Share this post


Link to post
Share on other sites
[quote author=Jenk link=topic=107326.msg430714#msg430714 date=1157734105]
Ha, you've been here longer than I have, yet you say that.[/quote]

I won't go into that. Suffice it to say you are wrong. Either you don't understand me or you're an idiot, judging by the childishness of above comment I am leaning towards the latter.

That is ALL I'm saying in this thread. [adds Jenk to looooong personal blacklist  :P]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.