I get nervous when I see HTTP_REFER and (unqualified) security mentioned together. Leaving aside the fact that the Referer header is trivially spoofed in a client, many "personal firewalls", proxies and other internet security software will remove or otherwise anonymise the the Referer header: the HTTP Specification makes the suggestion that it might be removed.
Beyond that it's not exactly clear how this might be used.
/J\
| [reply] [d/l] |
Load the module
require SF_form_secure;
---------------------------------------------------------------------
+----------
Set page up for self encoding if encoding is missing
3 - is the action type
$key - Must Provide a secret key.
'op=testForm;module=Flex_Form' - to work, must provide a matching sel
+f link
'' - not used for this action
'' - Minutes code will expire in 1 to 99, blank is off..
'ip' - use Remote IP in encoding, blank is off.
my $sec_self = SF_form_secure::x_secure('3', $key, 'op=testForm;modul
+e=Flex_Forma', '', '', 'ip');
[snip]
First of all... I can see some perl interspersed there, but is this supposed to be Perl code?!? Or am I missing something? Didn't you by any chance loose a whole bunch of comment signs along the way?
| [reply] [d/l] [select] |