Re: Re: Secure or not secure, that question.

Replies are listed 'Best First'.
Re: Re: Re: Secure or not secure, that question. by tomhukins (Curate) on Mar 13, 2001 at 22:26 UTC
As the CGI docs will tell you, environment variables beginning with `HTTP_` are the HTTP headers sent by the client in its request. So, if an HTTP request contains the header `Field: Value`, then a Perl CGI will see `$ENV{'HTTP_FIELD'}` as the string `Value`.	[reply]
Re: Re: Re: Re: Secure or not secure, that question. by fpi (Monk) on Mar 13, 2001 at 22:57 UTC
tomhukins, I still don't understand why relying on an HTTP_ environment variable would not be recommended. I am asking because I rely on them all the time. So they indicate they are coming from the client....isn't that what akm2 is looking for?	[reply]
Re: Re: Re: Re: Re: Secure or not secure, that question. by merlyn (Sage) on Mar 13, 2001 at 22:58 UTC
They come untrusted from the client. Trivial to fake, and often stripped at security gateways or mangled by proxies. -- Randal L. Schwartz, Perl hacker	[reply]