When run under the web server, your script will get information from a number of environment variables in a way specified by the common gateway interface (CGI) protocol. You can check that these are set as you would expect, but since a perl script invoking your script directly could also have set them, it isn't infallible.

First is QUERY_STRING; perl's CGI module uses this to get param information, but it will also by default look on the command line or STDIN. Turn this off with "use CGI -no_debug;" and verify that parameters you expect are present.

Verify that $ENV{REQUEST_METHOD} is GET or POST (whichever your form specified). It's also available from the CGI module as request_method(); other variables are similarly available - see CGI.

Check that HTTP_REFERER (sic) is the page containing your form.

That should stop most casual attempts to run your script. You can also set permissions so that only the user the webserver runs as has access to the script.

To further secure things, use a captcha image on your form page and/or a session (via cookie, parameter, or path).

In reply to Re: avoid by pass of web interface by ysth
in thread avoid by pass of web interface by advait

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.