Python-list Digest, Vol 35, Issue 410

namam0205 at gmail.com namam0205 at gmail.com
Sun Aug 27 21:12:04 EDT 2006


Thank you Fredrik for answering.

Actually the "form.py" was copied from an example inside one of the URLs
for non-programmers provided by the python.org documentation site.

I'm not familiar with the method to convert an MD5 token to its original
state inside form.py. So, if I try to authenticate using the referer, is the
referer="/form.html"?

---------- Forwarded message ----------
From: Fredrik Lundh <fredrik at pythonware.com>
To: python-list at python.org
Date: Sat, 26 Aug 2006 00:46:16 +0200
Subject: Re: prevent unauthorized call to script
kudincendol at gmail.com wrote:

> I have copy-pasted a script called "form.py" from somewhere else.

sounds a bit dangerous.

> This script is called from "form.html". Both are running on my Apache
> server. How do I prevent other HTML files on other servers from calling my
> "form.py" script?

usual approaches include checking the referrer field, using server-generated
tokens in hidden fields, etc.  this won't keep the determined hacker from
issuing requests to your server, but at least it makes it a bit harder to
just post an HTML form somewhere else and point that to your server.

it's probably best if you look for a form script that already supports
things like this.

</F>
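
The two checks named in the reply, as an added example that is not part of the original thread or of the form.py being discussed: the server never converts the token back to anything, it recomputes a keyed hash over the submitted fields and compares. It uses HMAC-SHA256 rather than MD5, and assumes the form page is generated by the server so the hidden field can be filled in; `SECRET`, `MAX_AGE`, the function names and the host `www.example.org` are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlsplit

# Assumption: a per-site secret kept on the server only (constructed value).
SECRET = b"constructed-demo-secret-change-me"
MAX_AGE = 900  # seconds a rendered form stays valid (assumed policy)


def _mac(secret, issued, nonce):
    msg = f"{issued}:{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_token(secret=SECRET, now=None):
    """Value for the hidden field, generated when the form page is served."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return f"{issued}:{nonce}:{_mac(secret, issued, nonce)}"


def verify_token(token, secret=SECRET, now=None, max_age=MAX_AGE):
    """Recompute the MAC over the submitted fields; nothing is decoded."""
    try:
        issued_s, nonce, mac = token.split(":")
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False  # missing field or malformed token
    now = time.time() if now is None else now
    if not 0 <= now - issued <= max_age:
        return False  # expired, or stamped in the future
    expected = _mac(secret, issued, nonce)
    return hmac.compare_digest(mac.encode(), expected.encode())


def referer_ok(referer, host, path="/form.html"):
    """Referer is a full URL, so compare host and path, not the raw string."""
    parts = urlsplit(referer or "")
    return parts.hostname == host and parts.path == path


def accept_post(referer, token, host, now=None):
    """Gate a form handler would apply before processing the fields."""
    return referer_ok(referer, host) and verify_token(token, now=now)
```

As the reply says, this only raises the bar against a form hosted elsewhere: the Referer header is supplied by the client, and any client that first fetches the form page receives a valid token.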