Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

The other Anonymous Monk and cLive;-) already gave you the answer, but didn't tell you how to implement it. An easy (though not entirely foolproof) way to do it is have each script that is allowed to call it pass an additional "password" parameter. The restricted script then receives that input and checks that it's valid before proceeding. It's reasonably secure because it's getting passed within your server, and the user will never see the required parameter list to make the restricted script work.

Someone could, in principle brute force it, but if you pick a long random string the time required is long. It's probably essentially the same code you're already using with the HTTP_REFERER, but with a different parameter, and the calling scripts have to send it explicitly. There are various ways to make the brute force attack less economical by increasing the time required per call by a small amount- any single call will barely notice, but it adds up when you're doing a lot of them.

There may also be some complicated way you can do it by setting permissions so that your www user (or whatever your server runs as) isn't allowed to call it, but then the scripts that can call it can sudo to be a user with the correct permissions. This seems like a sketchier approach to me, since it probably uses system calls and may expose you to other security risks in less predictable ways.

EDIT: Your Mother's approach is better than either of the above.

In reply to Re^3: Redirect Script unless called from previous script by bitingduck
in thread Redirect Script unless called from previous script by Anonymous Monk

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    [choroba]: Tux What bug?

    How do I use this? | Other CB clients
    Other Users?
    Others studying the Monastery: (4)
    As of 2018-04-26 21:23 GMT
    Find Nodes?
      Voting Booth?