My company will allow some of our customers to show pages from our web site from their corporate site.
So, their company site will call a URL we set up for them that may look something like this...
where ACME is the name of the company that is calling the page from the acme.com web site.
Using this method, I know who the company is (ACME) and can show them their customized list of "best wines"
My question is about security. How do I ensure that someone does not take this link and use it on another web site?
What's to prevent anyone from using this same URL from anywhere?
If figure anything that I add to the URL, like an ID or Hash would also be copied, so it still doesn't help.
I do not see enough consistency with CGI.referrer to see that it is always populated so I don't think that would be a good solution.