|Just another Perl shrine|
Re: SF_form_secureby SFLEX (Chaplain)
|on Oct 25, 2006 at 23:29 UTC||Need Help??|
Ahhh... never was good at explaining how my stuff works. did you look in the example folder?
Data integrity with expiration for forms, links, cookies or other things.
Low security will stop url tampering and is nice to search engine ranking
if you do not use the expire, ip in encoding or an unique key for each user.
Remember if a method that prevents others from access to ones link encoding is used,
will heart that pages search engine ranking.
For some areas of your web portal when using Methods that prevent others from using
once links is applied (mainly for Admin and/or Member areas of the site)
can stop form hijacking and link hijacking witch for some web portals can give the
attacker control over Admin and Member accounts.
With the new action 4 and 5 one can have full control with when a cookie expires,
because the cookie expirations are stored in the users
browser and can be changed. the expiration encoding and a little extra perl code can be
used to replace the cookies old expiration method to one that will always work.
These two new actions are also good for securing data in hidden form field with or
without the expiration and other setting.
The Referer check 1 will check the Referers encoding witch was the last encoded QUERY_STRING,
if it matches the current QUERY_STRING, has a length of 1024 and if from the QUERY_STRING's domain.
Matching the Referer can match a Referer of any domain provided.
Using any of these Referer check can prevent users from spoofing there referer, Most web masters
Do not check the Referers because many people use referer spoofing and do not want to give it up.
So if you want to loose members or convince them not to spoof referers on your site, is up to you.
When one has mastered this module they will see the may possibilities it has to offer.
Secures Form: hijacking, url/data tampering and gives control for data to expire.
Could offer other securitys.