Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much

Re^3: Redirect Script unless called from previous script

by bitingduck (Chaplain)
on Nov 02, 2012 at 17:05 UTC ( #1002010=note: print w/replies, xml ) Need Help??

in reply to Re^2: Redirect Script unless called from previous script
in thread Redirect Script unless called from previous script

The other Anonymous Monk and cLive;-) already gave you the answer, but didn't tell you how to implement it. An easy (though not entirely foolproof) way to do it is have each script that is allowed to call it pass an additional "password" parameter. The restricted script then receives that input and checks that it's valid before proceeding. It's reasonably secure because it's getting passed within your server, and the user will never see the required parameter list to make the restricted script work.

Someone could, in principle brute force it, but if you pick a long random string the time required is long. It's probably essentially the same code you're already using with the HTTP_REFERER, but with a different parameter, and the calling scripts have to send it explicitly. There are various ways to make the brute force attack less economical by increasing the time required per call by a small amount- any single call will barely notice, but it adds up when you're doing a lot of them.

There may also be some complicated way you can do it by setting permissions so that your www user (or whatever your server runs as) isn't allowed to call it, but then the scripts that can call it can sudo to be a user with the correct permissions. This seems like a sketchier approach to me, since it probably uses system calls and may expose you to other security risks in less predictable ways.

EDIT: Your Mother's approach is better than either of the above.
  • Comment on Re^3: Redirect Script unless called from previous script

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1002010]
[Corion]: You say the girls may strip with your permission, You draw the line dividing art from sin :-D
[ambrus]: Corion: I didn't want to start this particular computer up, I took this one away so that I can put the other computer I want to start up in its place, but that probably doesn't make much of a difference.

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (7)
As of 2017-01-16 19:49 GMT
Find Nodes?
    Voting Booth?
    Do you watch meteor showers?

    Results (151 votes). Check out past polls.