NYCPHP Meetup

[nycphp-talk] <a href> vs. <form> request

Jerry Kapron jkapron at NewAgeWeb.com
Wed Apr 16 21:42:12 EDT 2003


Chris,

>ok - dunno what I'm talking about, but could you possible append some sort
>of hash value to the href - which could only be generated by your script
and
>not any third party?  Make the key available only to the valid websites in
>order for them to generate it - and don't accept anything that does have a
>submit.

I actually do a couple of things that let me reliably determine whether the
request is authorized. The problem however is that there is a good reason
why the authorized webmasters would want to replace the links with forms
even if they are told not to.  Unless there is a way to check whether they
use a link or a form they will get away with "breaking the rule" and will
keep doing it.  The only option I have left is to build a bot that would
check each authorized URL for existence of the required <a href> link. Since
most of those sites are extranet sites protected by different types user
authentication I'll have to use a cURL based bot for cookie/session support.
I'll have to require the webmasters to provide username/password for the bot
to use when checking their site.
This is much more work than I expected.

Jerry




More information about the talk mailing list