
POSTs are still quite easy to fake. True, you can't simply edit the URL in the browser address bar, but all you have to do is save the HTML page, edit the value of the hidden field, view the resulting page locally, and hit Submit.

Further authentication is really a necessity in a scenario like this.

Re(3): Preventing changes on the
by dmmiller2k (Chaplain) on Feb 19, 2002 at 02:35 UTC

    This is true. I did not intend to suggest that this (and this alone) was a solution to the problem, but it makes it that much more difficult to accomplish (weeding out the "casual" spoofers, as it were). I agree that other security measures are also necessary; for instance, also incorporating HTTP_REFERRER checks and using session cookies, etc.
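
One way to make the edited-hidden-field resubmission described in this thread detectable on the server, as an added example that is not part of the original posts: the hidden value travels with an HMAC computed under a server-only key and bound to the session cookie's ID. The function names, the `_mac` field suffix and the sample session IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import secrets

# Server-only secret (assumption: generated per process here; a deployment
# would load a persistent key from protected configuration).
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id, name, value):
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    parts = [p.encode("utf-8") for p in (session_id, name, value)]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def sign_field(session_id, name, value):
    """Fields to emit: the hidden value plus its tag, bound to this session."""
    return {name: value, name + "_mac": _mac(session_id, name, value)}


def render_hidden(fields):
    """HTML for the hidden inputs produced by sign_field()."""
    return "\n".join(
        '<input type="hidden" name="%s" value="%s">'
        % (html.escape(k, quote=True), html.escape(v, quote=True))
        for k, v in fields.items()
    )


def verify_field(session_id, name, form):
    """Return the value if its tag checks out for this session, else None."""
    value, tag = form.get(name), form.get(name + "_mac")
    if value is None or tag is None:
        return None  # field or tag stripped from the saved page
    expected = _mac(session_id, name, value)
    # Compare as bytes in constant time; a str tag with non-ASCII
    # characters would otherwise raise TypeError.
    if not hmac.compare_digest(expected.encode(), tag.encode("utf-8")):
        return None
    return value


if __name__ == "__main__":
    form = sign_field("sess-A", "item_id", "42")      # constructed sample
    print(render_hidden(form))
    print(verify_field("sess-A", "item_id", form))    # untouched form
    print(verify_field("sess-A", "item_id", dict(form, item_id="43")))
```

The tag only shows that the value is the one the server issued to that session; whether the session's user may act on that value still has to be checked separately.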