prevent unauthorized call to script
Fredrik Lundh
fredrik at pythonware.com
Fri Aug 25 18:46:16 EDT 2006
kudincendol at gmail.com wrote:
> I have copy-paste a script called "form.py" from somewhere else.
sounds a bit dangerous.
> This script is called from " form.html". Both are running in my Apache
> server. How do I prevent other html files from other server to call my
> "form.py" script ?
usual approaches include checking the referrer field, using server-
generated tokens in hidden fields, etc. this won't keep the determined
hacker to issue requests to your server, but at least it makes it a bit
harder to just post a HTML form somewhere else and point that to your
server.
it's probably best if you look for a form script that already supports
things like this.
</F>
More information about the Python-list
mailing list