António José (ajose) wrote,

I've found a way.

A security-wrapped CGI.
I validate it against an invalid REQUEST_METHOD and also block the GET method (so, bye-bye to trying to use it by accessing it directly through the browser command line!)

And I'll also add a test to check the REFERRER, to ensure that only requests coming from one of the application's internal URLs will be accepted!

With these 2 security measures, I guess it will handle the job until I move to a server/client version to create and delete users on a server....
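
The two checks described in the post, sketched as a Python CGI gate; this is an added example, not the author's code, and the host name and the internal paths are assumptions because the post names neither. The Referer value is supplied by the client, so the check turns away casual direct access but does not authenticate the caller.

```python
import os
import sys
from urllib.parse import urlsplit

# Assumed values: the post does not name the host or the internal URLs.
ALLOWED_ORIGIN = ("https", "app.example.test")
ALLOWED_PATHS = ("/admin/users/new", "/admin/users/delete")
KNOWN_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")


def check_request(environ):
    """Return (status, reason) for a CGI environment mapping."""
    method = environ.get("REQUEST_METHOD", "")
    if method not in KNOWN_METHODS:
        return 400, "Invalid request method"
    if method != "POST":
        # Refuses GET, so typing the CGI's URL into a browser gets nothing.
        return 405, "Method not allowed"

    try:
        parts = urlsplit(environ.get("HTTP_REFERER", ""))
        origin = (parts.scheme, parts.hostname)
    except ValueError:
        # urlsplit rejects malformed authorities such as "https://[bad".
        return 403, "Malformed referer"
    # Compare the parsed host, not a string prefix, so values such as
    # https://app.example.test@other.test/ do not pass.
    if origin != ALLOWED_ORIGIN:
        return 403, "Referer origin not allowed"
    # Exact path match; a prefix test would accept /admin/users/newer.
    if parts.path not in ALLOWED_PATHS:
        return 403, "Referer path not allowed"
    return 200, "OK"


def main():
    status, reason = check_request(os.environ)
    sys.stdout.write(f"Status: {status} {reason}\r\n")
    sys.stdout.write("Content-Type: text/plain\r\n\r\n")
    if status == 200:
        # The wrapped user create/delete logic would run here.
        sys.stdout.write("request accepted\n")
    else:
        sys.stdout.write(reason + "\n")


if __name__ == "__main__":
    main()
```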

