Don't ask to ask, just ask | |
PerlMonks |
Re^5: Client IP questionby thomas895 (Deacon) |
on Dec 24, 2015 at 01:29 UTC ( [id://1151089]=note: print w/replies, xml ) | Need Help?? |
The "hacker" you're concerned about doesn't need to modify your files, your customers' files, or even their browser's variables. They need only set the Referer header, which is trivial to do. I hate to be a killjoy, but it's impossible to completely restrict the web. The only way to prevent your API from being called by someone you didn't intend for is to let only your customers directly access it, and to not do things in the browser. This is not a Perl problem. It's the same for any web application environment.
-Thomas "Excuse me for butting in, but I'm interrupt-driven..."
In Section
Seekers of Perl Wisdom
|
|