PerlMonks  

Re^5: Client IP question

by thomas895 (Deacon)
on Dec 24, 2015 at 01:29 UTC ( [id://1151089]=note )


in reply to Re^4: Client IP question
in thread Client IP question

The "hacker" you're concerned about doesn't need to modify your files, your customers' files, or even their browser's variables. They need only set the Referer header, which is trivial to do.
In order for the file you're talking about to be written, the customer's customer (or the "hacker") must interact somehow with your customer's website before using your API. The file will be written, and to your server, it will look like the request was valid.

I hate to be a killjoy, but it's impossible to completely restrict the web. The only way to prevent your API from being called by someone you didn't intend for is to let only your customers directly access it, and to not do things in the browser.

This is not a Perl problem. It's the same for any web application environment.

-Thomas
"Excuse me for butting in, but I'm interrupt-driven..."
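
The point above, as an added example that is not part of the original post: a Referer-based check accepts any client that sets the header, while a request signed on the customer's own server is accepted only from a holder of the shared secret. The HMAC scheme, the customer name `acme`, the secret, the `shop.example.com` domain and all function names are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed demo data: one secret per customer, known only to the two servers.
my %customer_secret = ( acme => 'constructed-demo-secret' );
my $MAX_SKEW = 300;    # seconds a signed request stays valid

# Weak check: trusts a header whose value the client chooses freely.
sub referer_check {
    my ($headers) = @_;
    return ( $headers->{Referer} // '' ) =~ m{^https://shop\.example\.com/} ? 1 : 0;
}

# Constant-time comparison so timing does not reveal how much of a guess matched.
sub secure_eq {
    my ( $x, $y ) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord( substr( $x, $_, 1 ) ) ^ ord( substr( $y, $_, 1 ) ) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Run on the customer's server: sign who is calling, when, and what is sent.
sub sign_request {
    my ( $customer, $timestamp, $body ) = @_;
    return hmac_sha256_hex( join( "\n", $customer, $timestamp, $body ), $customer_secret{$customer} );
}

# Run on the API server: reject unknown customers, stale requests and bad signatures.
sub signed_check {
    my ( $req, $now ) = @_;
    return 0 unless exists $customer_secret{ $req->{customer} // '' };
    return 0 unless ( $req->{timestamp} // '' ) =~ /^\d+$/;
    return 0 if abs( $now - $req->{timestamp} ) > $MAX_SKEW;
    my $expected = sign_request( $req->{customer}, $req->{timestamp}, $req->{body} // '' );
    return secure_eq( $expected, $req->{signature} // '' );
}

my $now    = time;
my %forged = ( Referer => 'https://shop.example.com/checkout' );    # header set by any client
my %good   = ( customer => 'acme', timestamp => $now, body => 'ip=203.0.113.7' );
$good{signature} = sign_request( @good{qw(customer timestamp body)} );
my %tampered = ( %good, body => 'ip=198.51.100.9' );                # body changed after signing
my %stale    = ( %good, timestamp => $now - 3600 );
$stale{signature} = sign_request( @stale{qw(customer timestamp body)} );
printf "%-34s %s\n", $_->[0], $_->[1] ? 'accepted' : 'rejected' for
    [ 'Referer header only',            referer_check( \%forged ) ],
    [ 'signed by customer server',      signed_check( \%good,     $now ) ],
    [ 'signed, body altered afterward', signed_check( \%tampered, $now ) ],
    [ 'signed, one hour old',           signed_check( \%stale,    $now ) ];
```

The secret has to stay on the customer's server; if the signing step is moved into browser JavaScript, the check is no stronger than the Referer test.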
