448191 Posted September 8, 2006

Anyone know of a way I haven't thought of to verify the sender of $_POST data to be a local script?

Something that can't (or is very hard to) be spoofed?

I don't see any way, but I might be overlooking something, so I thought I'd try...

Jenk Posted September 8, 2006

If it's local, don't use $_POST.

There will be recommendations for $_SERVER['HTTP_REFERER'] and/or $_SERVER['REMOTE_ADDR'] but they are [b]very[/b] unreliable.

448191 Posted September 8, 2006

[quote author=Jenk link=topic=107326.msg430400#msg430400 date=1157706231]There will be recommendations for $_SERVER['HTTP_REFERER'] and/or $_SERVER['REMOTE_ADDR'] but they are [b]very[/b] unreliable.[/quote]

No there won't, because I said 'hard to spoof' and everybody knows those are easy to spoof.

[quote author=Jenk link=topic=107326.msg430400#msg430400 date=1157706231]If it's local, don't use $_POST.[/quote]

I'm sorry I wasn't very clear. I wanted something like HTTP_REFERER but more reliable. I was going to use it to verify that the sending of data was provoked by my own application, but now that I think of it there are probably better ways to do that. In short: never mind.

AndyB Posted September 8, 2006

[quote author=448191 link=topic=107326.msg430491#msg430491 date=1157717619]... but now that I think of it there are probably better ways to do that. [/quote]

Care to share?

Jenk Posted September 8, 2006

[quote author=448191 link=topic=107326.msg430491#msg430491 date=1157717619][quote author=Jenk link=topic=107326.msg430400#msg430400 date=1157706231]There will be recommendations for $_SERVER['HTTP_REFERER'] and/or $_SERVER['REMOTE_ADDR'] but they are [b]very[/b] unreliable.[/quote]

No there won't, because I said 'hard to spoof' and everybody knows those are easy to spoof.[/quote]

Ha, you've been here longer than I have, yet you say that.

[quote][quote author=Jenk link=topic=107326.msg430400#msg430400 date=1157706231]If it's local, don't use $_POST.[/quote]

I'm sorry I wasn't very clear. I wanted something like HTTP_REFERER but more reliable. I was going to use it to verify that the sending of data was provoked by my own application, but now that I think of it there are probably better ways to do that. In short: never mind.[/quote]

Still stands.. your own application is instigating the POST data.. so why use POST in the first place? Use SESSION or better yet a database table.

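Added example, not part of any post in this thread: building on the session storage mentioned above, one common way to check that a POST was provoked by a form your own application rendered is to keep a random single-use token in the session and require it back in the request. The function names and the `form_token` field are assumptions for illustration, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs from the PHP CLI.

```php
<?php
// Added example, not code from the thread. Function names and the
// 'form_token' field name are hypothetical.

// Call when rendering the form; put the return value in a hidden field.
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $session['form_token'] = $token;    // server-side copy to compare against
    return $token;
}

// Call when handling the POST, before acting on any submitted data.
function verify_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    $supplied = $post['form_token'] ?? null;
    unset($session['form_token']);      // single use: a replay finds nothing
    if (!is_string($expected) || !is_string($supplied)) {
        return false;                   // no token issued, or none sent
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed demo: arrays stand in for $_SESSION and $_POST.
function demo(string $label, array &$session, array $post): void
{
    $verdict = verify_form_token($session, $post) ? 'accepted' : 'rejected';
    printf("%-30s %s\n", $label, $verdict);
}

$session = [];
$genuine = ['comment' => 'hello', 'form_token' => issue_form_token($session)];
demo('POST from the issued form:', $session, $genuine);
demo('same POST replayed:', $session, $genuine);

issue_form_token($session);
demo('POST with a guessed token:', $session, ['form_token' => str_repeat('0', 64)]);

issue_form_token($session);
demo('POST with no token:', $session, ['comment' => 'hello']);
```

In a web request, pass `$_SESSION` (after `session_start()`) and `$_POST` in place of the arrays. The token shows that the request came from a browser holding a form this session was issued; the submitted field values are still client-controlled and need validating as usual.
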
448191 Posted September 8, 2006

[quote author=Jenk link=topic=107326.msg430714#msg430714 date=1157734105]Ha, you've been here longer than I have, yet you say that.[/quote]

I won't go into that. Suffice it to say you are wrong. Either you don't understand me or you're an idiot, judging by the childishness of above comment I am leaning towards the latter.

That is ALL I'm saying in this thread. [adds Jenk to looooong personal blacklist :P]