Re: Re: Re: Secure or not secure, that question.

As the CGI docs will tell you, environment variables beginning with HTTP_ are the HTTP headers sent by the client in its request.

So, if an HTTP request contains the header Field: Value, then a Perl CGI will see $ENV{'HTTP_FIELD'} as the string Value.

Comment on Re: Re: Re: Secure or not secure, that question.

Replies are listed 'Best First'.
Re: Re: Re: Re: Secure or not secure, that question. by fpi (Monk) on Mar 13, 2001 at 22:57 UTC
tomhukins, I still don't understand why relying on an HTTP_ environment variable would not be recommended. I am asking because I rely on them all the time. So they indicate they are coming from the client....isn't that what akm2 is looking for?	[reply]
Re: Re: Re: Re: Re: Secure or not secure, that question. by merlyn (Sage) on Mar 13, 2001 at 22:58 UTC
They come untrusted from the client. Trivial to fake, and often stripped at security gateways or mangled by proxies. -- Randal L. Schwartz, Perl hacker	[reply]