Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do I hide a script name in a variable?

Posted on 2002-04-16
3
Medium Priority
?
130 Views
Last Modified: 2013-12-25
I have a form that hackers are infiltrating. I want a way to "hide" the action= attribute of the form so that when they save my form to their computer to run scripts off of, it won't be able to find it.

OK, so now that I know that won't work - what can I do to the perl file so that it rejects anyone NOT coming from the correct server?
0
Comment
Question by:trulygreat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 6953668
You can try this:
http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

but they will have to be pretty lame to not be able to figure it out. You cannot do security from the client side.  You have to stop them on the server, bu modifying the script to detect unauthorized requests, or require a logonid and password managed from the database.

Cd&
0
 
LVL 2

Expert Comment

by:jpoesen
ID: 6956694
You can have your script parse your environment variables and act upon those.

a few interesting ones :
AUTH_TYPE
REMOTE_ADDR
REMOTE_HOST
REMOTE_IDENT
REMOTE_USER

HTTP_REFERER is also interesting.

usage :
$ENV(var)

example:
visitorIP = $ENV('REMOTE_ADDR')

Hope this is enough for your problem.
jpoesen
0
 
LVL 18

Accepted Solution

by:
mgfranz earned 240 total points
ID: 6959901
Or set a session variable when a page prior to the from is loaded, (if you are on IIS), then check that variable in the form processing page.  If there, continue, else reject.

If ENV variable do not work for you, try a cookie that has the date/time of visit set in the page just prior to the form being loaded, then check this cookie in the form processing page for date/time up to -20 minutes, if false, reject.

Another way would be to write a cookie with the name of the form processing page in the cookie, since it is tied to your server, this make for a viable alternative.

Or, just process the form in the parent page;

<%
formVal = Request("action")

If formVal = "Do It" Then
    do this...
    Load the processing portin of the page
ElseIf formVal = "" Then
    do that
    Load the Form portion of the page
Else
End If

<form method=post>
...
<submit button name="action" value="Do It">

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question