Solved

How do I hide a script name in a variable?

Posted on 2002-04-16
3
122 Views
Last Modified: 2013-12-25
I have a form that hackers are infiltrating. I want a way to "hide" the action= attribute of the form so that when they save my form to their computer to run scripts off of, it won't be able to find it.

OK, so now that I know that won't work - what can I do to the perl file so that it rejects anyone NOT coming from the correct server?
0
Comment
Question by:trulygreat
3 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
Comment Utility
You can try this:
http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

but they will have to be pretty lame to not be able to figure it out. You cannot do security from the client side.  You have to stop them on the server, bu modifying the script to detect unauthorized requests, or require a logonid and password managed from the database.

Cd&
0
 
LVL 2

Expert Comment

by:jpoesen
Comment Utility
You can have your script parse your environment variables and act upon those.

a few interesting ones :
AUTH_TYPE
REMOTE_ADDR
REMOTE_HOST
REMOTE_IDENT
REMOTE_USER

HTTP_REFERER is also interesting.

usage :
$ENV(var)

example:
visitorIP = $ENV('REMOTE_ADDR')

Hope this is enough for your problem.
jpoesen
0
 
LVL 18

Accepted Solution

by:
mgfranz earned 80 total points
Comment Utility
Or set a session variable when a page prior to the from is loaded, (if you are on IIS), then check that variable in the form processing page.  If there, continue, else reject.

If ENV variable do not work for you, try a cookie that has the date/time of visit set in the page just prior to the form being loaded, then check this cookie in the form processing page for date/time up to -20 minutes, if false, reject.

Another way would be to write a cookie with the name of the form processing page in the cookie, since it is tied to your server, this make for a viable alternative.

Or, just process the form in the parent page;

<%
formVal = Request("action")

If formVal = "Do It" Then
    do this...
    Load the processing portin of the page
ElseIf formVal = "" Then
    do that
    Load the Form portion of the page
Else
End If

<form method=post>
...
<submit button name="action" value="Do It">

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now