RE: Avoiding GET in CGIs

First, you can handle this entirely in the .htaccess file or equivalent, at least in Apache, by making it deny from all for method GET HEAD, as in (untested):

<Files foo bar>
<Method GET HEAD>
order deny, allow
deny from all
</Method>
</Files>
[download]

Second, preventing anything but POST means I just have to write a script, and still won't need to go through your page. perldoc lwpcook shows how trivial it is to write such a program.

My advice (free, and worth every penny!): give it up. Artificial restrictions like this will always be worked around. I know, I've worked around a number myself. It's the illusion of control or security, and just that: an illusion.

-- Randal L. Schwartz, Perl hacker

Comment on RE: Avoiding GET in CGIs Download Code

Replies are listed 'Best First'.
RE: RE: Avoiding GET in CGIs by Michalis (Pilgrim) on Jul 14, 2000 at 00:57 UTC
I'm aware that if someone REALLY wants to overcome these restrictions, he may do it through literaly thousands of ways. As a matter of fact I've done it a couple of times (yes, with LWP :-) I was actually talking about the "average" site user (if such a thing exists...). By the way, thanks for the .htacess solution, it's much cleaner.	[reply]