Perl, how to only allow calls to perl or cgi script from certain page

how to only allow calls to perl or cgi script from certain page

Author	Message
Mike #1 / 5	how to only allow calls to perl or cgi script from certain page Hi, I need to be able to restrict users from calling my search script from their site or another site, or typeing whatever they want in the URL. FOr example, my buttons call the search script with only specific values, but How can I restirct them from entering whatever they want in the URL, so they dont list the entire database by typing 'the' or 'and'. I know I can create a list of words to prevent the searching but I would rather restrict the search to only being called from a certain page, and not allow them to enter any other search strings in the URL. Can anybody help me? Thanks in advance
Sat, 26 Jun 2004 21:07:03 GMT

Alan J. Flavel #2 / 5	how to only allow calls to perl or cgi script from certain page On Jan 8, Mike inscribed on the eternal scroll: Quote: > I need to be able to restrict users from calling my search script from their > site or another site, or typeing whatever they want in the URL. Wrong thinking. There is absolutely no way you can reliably stop them from making mischievous requests in the first place. There is no shortcut: you need to fully validate their request when it reaches the server. Quote: > I know I can create a list of words to prevent the searching but I would > rather restrict the search to only being called from a certain page, and not > allow them to enter any other search strings in the URL. > Can anybody help me? Not until you recognise that you're wasting your time with that approach. Be sure to carefully read and understand Stein's WWW CGI Security FAQ. Writing CGI scripts is a serious enterprise - many security exposures (some of which have been far from trivial) have been created by script authors who failed to take the task seriously. And next time you have a specifically CGI question, I reckon the regulars here would prefer you raise it on a place where CGI questions are on-topic (check the automoderation rules of comp.infosystems.www.authoring.cgi before posting). good luck
Sat, 26 Jun 2004 21:40:55 GMT

brian norma #3 / 5	how to only allow calls to perl or cgi script from certain page Quote: > Hi, > I need to be able to restrict users from calling my search script from their > site or another site, or typeing whatever they want in the URL. FOr > example, my buttons call the search script with only specific values, but > How can I restirct them from entering whatever they want in the URL, so they > dont list the entire database by typing 'the' or 'and'. > I know I can create a list of words to prevent the searching but I would > rather restrict the search to only being called from a certain page, and not > allow them to enter any other search strings in the URL. > Can anybody help me? > Thanks in advance you could check $ENV{"REMOTE_ADDRESS"} if your IP address is constant or $ENV{"REQUEST_URI"} - Hide quoted text - - Show quoted text -
Sat, 26 Jun 2004 22:27:37 GMT

Tad McClell #4 / 5	how to only allow calls to perl or cgi script from certain page Quote: >I need to be able to restrict users from calling my search script from their >site or another site, or typeing whatever they want in the URL. FOr >example, my buttons call the search script with only specific values, but >How can I restirct them from entering whatever they want in the URL, so they >dont list the entire database by typing 'the' or 'and'. >I know I can create a list of words to prevent the searching but I would >rather restrict the search to only being called from a certain page, and not >allow them to enter any other search strings in the URL. >Can anybody help me? What is your Perl question? ( I do not see one ) -- Tad McClellan SGML consulting Fort Worth, Texas
Sat, 26 Jun 2004 22:35:43 GMT

Randal L. Schwar #5 / 5	how to only allow calls to perl or cgi script from certain page Mike> I need to be able to restrict users from calling my search script from their Mike> site or another site, or typeing whatever they want in the URL. FOr Mike> example, my buttons call the search script with only specific values, but Mike> How can I restirct them from entering whatever they want in the URL, so they Mike> dont list the entire database by typing 'the' or 'and'. This question was already asked (and answered by me) on CIWAC. Please follow the thread there. Shame on the Usenaut for multi-posting without disclosure. :( -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Sun, 27 Jun 2004 00:45:03 GMT

Page 1 of 1

[ 5 post ]