Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot

Re: verify form submission is from a specific place

by ww (Archbishop)
on Jun 17, 2005 at 13:40 UTC ( #467718=note: print w/replies, xml ) Need Help??

in reply to verify form submission is from a specific place

The notion of forcing (internal) users to submit via the Intranet server seems pretty sound, but the notion of letting employees work from outside is less so... even if you do VPN or something similar.

re your (IP) isn't spoofable is it??: If not today, wait a few seconds. I wouldn't want to bet against it being an easy do today. cf annonymiser, etc. which appear readily adaptable.

and re What if I want them to be able to do this from home and not on our network?: In the famous words of the (allegedly) prototypical New Yawker, "fergeddiboudit!" For one thing, one frequently high priority consideration for running an intranet is SPECIFICALLY that you don't want a user from outside your firewall playing inside your (proprietary) workspace -- to which I'd add "even if you THINK you know who it is."

On the other hand, your outside server (RH) uses a fairly sound encryption scheme to validate those with accounts; one would think you might be able to avoid posting a (generic meaning) database to validate those authorized to change content. But on the third or fourth or fifth hand, what is the PHB's level of risk tolerance?

UPDATE But, see Tank's (++) below!
  • Comment on Re: verify form submission is from a specific place

Replies are listed 'Best First'.
Re^2: verify form submission is from a specific place
by xorl (Deacon) on Jun 17, 2005 at 14:36 UTC
    I was afraid someone was going to say that. We already have people out in the field who connect via VPN and can then go crazy on our internal network. Of course not all of them are authorized for VPN. For these people, they are limited to doing some very simple tasks on the webserver with a webform.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://467718]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (4)
As of 2022-12-03 19:57 GMT
Find Nodes?
    Voting Booth?

    No recent polls found