httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "R.J. Kraaij" <terdu...@worldonline.nl>
Subject Referer Protection. /get & post protection
Date Fri, 05 Mar 1999 09:00:19 GMT
If this Idea is already implemented into the apache server,i'm sorry for
bothering you time . I just think i need new eye's and a better search
engine then :o)

Referer Protection. The word might sound clear but vaguely :

Protected Certain Url's,By letting the users only access them if they 'r
arriving from a certain site. And if not, displaying them a Error Message.
 (as far as i could see there was no "Error4xx - You tried to access this 
location from the wrong point" for this)

This could be implemented somehow somewhere, in a module, and maybe in the
access file.

I still have that rare fealing that it must be somewhere hidden ,but
found numerous different views of it , thus created my own on a rainy day.

Post /Get Protection.

An other familair problem i focussed, was how to protect Post and Get
methode's, for delivering to must params. My idea i implemented was to
Give a number of parameters for a Certain location, thus
guarding my source against bogus users, who do all kind of unwanted things
with parameters. (there wasn't a standerd "Error4xx - You are accessing
this location with the wrong parameters" neither).

Offcourse, you could say that that kind of protection has to be inside the
cgi, or module itself, but hence, i believe that if this is done on 1
strategic postion, the change of misbehavoir is a lott smaller, and when
having multiple modules or cgi's needing this kind of protection, why not
do it on a central place ?

i even a strong protection, by guarding also the length of each parameter,
but that might be overdone.

 my 1 Euro  Coin.
			- Reinder Kraaij


Mime
View raw message