My fix for the problem was to use:

my $remote_host = $q->remote_host();
my $referer = $q->referer();
if(
  ($referer =~ /admin\/mynameofreferingscript/)||
  ($remote_host =~ 203.x.x.x/)
  )
{
  display_page();
}
else {
  display_error();
}
[download]

I am aware that this could easily be beaten by working out the name of the admin page, then creating your own referer page and making a link which passes &tmp=$myscriptname to the original file, along with the desired arguments.

But i feel this risk is worth taking. :)
Neil Archibald - /dev/IT -