[nycphp-talk] <a href> vs. <form> request
Jerry Kapron
jkapron at NewAgeWeb.com
Wed Apr 16 21:42:12 EDT 2003
Chris,
>ok - dunno what I'm talking about, but could you possible append some sort
>of hash value to the href - which could only be generated by your script
and
>not any third party? Make the key available only to the valid websites in
>order for them to generate it - and don't accept anything that does have a
>submit.
I actually do a couple of things that let me reliably determine whether the
request is authorized. The problem however is that there is a good reason
why the authorized webmasters would want to replace the links with forms
even if they are told not to. Unless there is a way to check whether they
use a link or a form they will get away with "breaking the rule" and will
keep doing it. The only option I have left is to build a bot that would
check each authorized URL for existence of the required <a href> link. Since
most of those sites are extranet sites protected by different types user
authentication I'll have to use a cURL based bot for cookie/session support.
I'll have to require the webmasters to provide username/password for the bot
to use when checking their site.
This is much more work than I expected.
Jerry
More information about the talk
mailing list