ONJava.com -- The Independent Source for Enterprise Java
Article:   Ten Security Checks for PHP, Part 1
Subject:   Register Globals on
Date:   2007-03-01 11:52:54
From:   andrwe
Response to: Register Globals on

My method for securing where POST data comes from is thus:


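// The Referer header is optional, so fall back to an empty string when it is absent.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($referer != "http://www.domain.com/form.html") {
    echo "nice try!";
} else {
    process_form();
}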


Any downside to that (other than having to change the URL upon upload)?
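
The Referer header is sent by the client, which may omit it or set it to any value, so the check above does not establish where a POST came from. An added example (not the commenter's code, written for current PHP) that ties the form to the visitor's session with a one-time token instead; the field name form_token and both function names are assumptions made for the illustration.

```php
<?php
// Added example, not code from the original post. "form_token",
// issue_form_token() and is_valid_form_post() are hypothetical names.

// Call when form.html is rendered: store a random token server-side and
// return it so it can be placed in a hidden <input name="form_token">.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Accept a POST only if it carries the token stored for this session.
function is_valid_form_post(array $post, array &$session): bool
{
    $expected = $session['form_token'] ?? '';
    $supplied = $post['form_token'] ?? '';
    unset($session['form_token']);             // single use: a replay fails
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $supplied);  // constant-time comparison
}

// Constructed requests so the file runs from the CLI; in a real page pass
// $_POST and $_SESSION (after session_start()) instead of these arrays.
$session = [];
$token   = issue_form_token($session);

// 1. Genuine submission: carries the token issued with the form.
$genuine = ['name' => 'alice', 'form_token' => $token];
echo "genuine:  ", var_export(is_valid_form_post($genuine, $session), true), "\n";

// 2. The same body submitted again: the token has already been consumed.
echo "replayed: ", var_export(is_valid_form_post($genuine, $session), true), "\n";

// 3. A request whose Referer matches the expected URL but has no token.
$session2 = [];
issue_form_token($session2);
$server  = ['HTTP_REFERER' => 'http://www.domain.com/form.html'];
$noToken = ['name' => 'alice'];
echo "referer matches: ",
    var_export($server['HTTP_REFERER'] === 'http://www.domain.com/form.html', true), "\n";
echo "token check:     ", var_export(is_valid_form_post($noToken, $session2), true), "\n";
```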

