António José (ajose) wrote,

Login....

I've found a way.

A security wrapped CGI.
I validate it against invalid REQUEST_METHOD and also block the GET method (so, bye-bye to trying to use it by accessing it directly through the browser command line!)

And I'll also add a test to check the REFERRER, to ensure that only requests coming from one of the application's internal URLs will be accepted!

With these 2 security measures, I guess it will handle the job until I move to a server/client version to create and delete users on a server....

:-))))))
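
The two checks described in the post, sketched as an added example (this is not the author's code). The host name, the internal paths and the POST-only policy are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit

KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
ALLOWED_METHODS = {"POST"}                        # assumption: GET is blocked, POST passes
INTERNAL_ORIGIN = ("https", "app.example.test")   # constructed placeholder
INTERNAL_PATHS = {"/users/new", "/users/delete"}  # constructed placeholder


def check_request(environ):
    """Return (status, reason); only status 200 may reach the wrapped CGI."""
    method = environ.get("REQUEST_METHOD", "")
    if method not in KNOWN_METHODS:
        return 400, "invalid REQUEST_METHOD"
    if method not in ALLOWED_METHODS:
        return 405, "method not allowed"

    # The Referer header is supplied by the client, so this check filters
    # stray and cross-site requests; it does not authenticate the caller.
    referer = environ.get("HTTP_REFERER", "")
    try:
        parts = urlsplit(referer)
        origin = (parts.scheme, parts.hostname)
    except ValueError:
        return 403, "malformed referrer"
    # Compare the parsed scheme and host exactly: a substring or prefix
    # match would accept hosts such as app.example.test.other.example.
    if origin != INTERNAL_ORIGIN:
        return 403, "referrer is not an internal URL"
    if parts.path not in INTERNAL_PATHS:
        return 403, "referrer is not an internal URL"
    return 200, "ok"


if __name__ == "__main__":
    # Run as the CGI wrapper: emit the decision as a CGI response.
    status, reason = check_request(os.environ)
    print(f"Status: {status} {reason}")
    print("Content-Type: text/plain")
    print()
    print(reason)
```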