xorl has asked for the wisdom of the Perl Monks concerning the following question:
Yeah, sounds impossible, I know. We have an Intranet server which is inside the firewall. It can easily access the employee database.
What I was thinking was to have the users go to the Intranet server, be validated, fill out the info on the form, then submit the form. The form would actually be submitted to the webserver.
Problem with this is how do I make sure what is submitted is actually from the Intranet server? I thought about checking the referrer, but I've written some scripts that send fake referrers. So far I'm thinking the best thing is to have the form send some kind of token. Or maybe I could force everyone to have an IP address in the 10.xx.xx.xx range (that isn't spoofable, is it?? What if I want them to be able to do this from home and not on our network?)
From the comment Re: Referer check within domain problem it sounds like a completely different solution is needed. Yet there is no alternative offered.
The project is still at the idea stage, so almost anything can be changed. The only requirements are:
- We have to have a script manipulate a database on the webserver.
- It must only allow valid users to use it.
- We want to avoid having to maintain a database of users on the webserver.
- Allowing the webserver to access something on the other side of the firewall just isn't going to happen.
Any help would be appreciated. Thanks.
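
One way to build the token mentioned in the question, as an added example that is not part of the original post: the Intranet server signs the validated user name and an expiry time with HMAC-SHA256, and the webserver checks the signature without a user database or any connection through the firewall. The shared secret, the field layout and the sub names `issue_token` and `verify_token` are assumptions made for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: one secret, installed out of band on both servers.
# Constructed demo value; never ship a literal like this.
my $SECRET = 'constructed-demo-secret';

# Intranet server: call only after the user has been validated
# against the employee database. Returns "user|expiry|mac".
sub issue_token {
    my ($user, $ttl, $now) = @_;
    $now //= time;
    my $payload = join '|', $user, $now + $ttl;
    return $payload . '|' . hmac_sha256_hex($payload, $SECRET);
}

# Webserver: returns the user name, or undef when the token is
# malformed, forged or expired. Needs only the shared secret.
sub verify_token {
    my ($token, $now) = @_;
    $now //= time;
    my ($user, $expires, $mac) = ($token // '') =~
        /\A([A-Za-z0-9_.-]+)\|(\d+)\|([0-9a-f]{64})\z/
        or return;
    my $expected = hmac_sha256_hex("$user|$expires", $SECRET);
    # Compare every character so timing does not leak the match length.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1))
        for 0 .. 63;
    return if $diff;
    return if $expires < $now;
    return $user;
}

# Constructed demo: the token would travel in a hidden form field.
my $token = issue_token('jdoe', 300);
print 'valid:    ', verify_token($token) // 'rejected', "\n";

(my $forged = $token) =~ s/\Ajdoe/root/;   # user edits the field
print 'tampered: ', verify_token($forged) // 'rejected', "\n";

print 'expired:  ', verify_token($token, time + 301) // 'rejected', "\n";
```

A token stays usable until it expires, so this sketch does not stop a valid user from replaying it inside that window; a short lifetime narrows the window. The form should be served and submitted over HTTPS so the token cannot be read in transit.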