[thelist] Worried...please help

Chris W. Parker cparker at swatgear.com
Tue Jun 17 10:52:25 CDT 2003


Koutoulas, Pete <mailto:PKOUTOUL at Fayette.k12.ky.us> wrote:

> On Tuesday, June 17, 2003 10:17 AM, Steve Cook wrote:
> 
> > You could check that the information being submitted to your
> > application only comes from forms located on your server. Depending
> > upon which scripting language you're using on the server there are
> > different ways of doing this, but in ASP for instance you would do
> > something like the following: 
> > 
> > if Request.ServerVariables("LOCAL_ADDR") <> strYourIPNumber then
> > 'Return with an error end if
> 
> I wouldn't depend on that -- too easy to spoof.

I wouldn't depend on your opinion -- didn't provide an alternative.



Chris.


More information about the thelist mailing list