[nycphp-talk] <a href> vs. <form> request
Christopher Hendry
chendry at nyc.rr.com
Wed Apr 16 21:45:30 EDT 2003
so it's the webmasters you're worried about? hmmm...
-> -----Original Message-----
-> From: Jerry Kapron [mailto:jkapron at newageweb.com]
-> Sent: Wednesday, April 16, 2003 9:41 PM
-> To: NYPHP Talk
-> Subject: Re: [nycphp-talk] <a href> vs. <form> request
->
->
-> Chris,
->
-> >ok - dunno what I'm talking about, but could you possible
-> append some sort
-> >of hash value to the href - which could only be generated by your script
-> and
-> >not any third party? Make the key available only to the valid
-> websites in
-> >order for them to generate it - and don't accept anything that
-> does have a
-> >submit.
->
-> I actually do a couple of things that let me reliably determine
-> whether the
-> request is authorized. The problem however is that there is a good reason
-> why the authorized webmasters would want to replace the links with forms
-> even if they are told not to. Unless there is a way to check
-> whether they
-> use a link or a form they will get away with "breaking the rule" and will
-> keep doing it. The only option I have left is to build a bot that would
-> check each authorized URL for existence of the required <a href>
-> link. Since
-> most of those sites are extranet sites protected by different types user
-> authentication I'll have to use a cURL based bot for
-> cookie/session support.
-> I'll have to require the webmasters to provide username/password
-> for the bot
-> to use when checking their site.
-> This is much more work than I expected.
->
-> Jerry
->
->
->
-> --- Unsubscribe at http://nyphp.org/list/ ---
->
->
->
More information about the talk
mailing list