All,
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?
Should I be checking HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR also ?
$ip = $_SERVER["REMOTE_ADDR"];
if (($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
}
else
{
echo "<META HTTP-EQUIV=\"refresh\" content=\"0; url=/index.php\">";
die();
}
or something like this:
function getipaddress()
{
$ip;
if (getenv("HTTP_CLIENT_IP")) $ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR")) $ip =
getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR")) $ip = getenv("REMOTE_ADDR");
else $ip = "UNKNOWN";
return $ip;
}
$ip = getipaddress();
if(($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
} else {
echo "<META HTTP-EQUIV=\"refresh\" content=\"0; url=/index.php\">";
die();
}
Thanks. 3 3981
"StinkFinger" <st****@pinky.com> wrote in message
news:10*************@corp.supernews.com... All, There are certain scripts that I have that only I want to run, both from home and sometimes work. If I add something like this (below) to the scripts, will this keep out unauthorized use (if the scripts are found somehow), or can the REMOTE_ADDR be easily spoofed ?
You can send TCP/IP packets with fake return addresses fairly easily. But to
take advantage of it in an attack against a web server is hard, I believe,
as the HTTP response would get routed to the real address.
Chung Leong wrote: "StinkFinger" <st****@pinky.com> wrote in message news:10*************@corp.supernews.com...
All, There are certain scripts that I have that only I want to run, both from home and sometimes work. If I add something like this (below) to the scripts, will this keep out unauthorized use (if the scripts are found somehow), or can the REMOTE_ADDR be easily spoofed ?
You can send TCP/IP packets with fake return addresses fairly easily. But to take advantage of it in an attack against a web server is hard, I believe, as the HTTP response would get routed to the real address.
Just kinda thinking out loud... by why not limit access to the directory
your scripts are in with .htaccess or IIS's authentication? That'd
probably be a bit more secure than relying upon the REMOTE_ADDR.
Regards,
- Dan http://blog.dantripp.com
Dan Tripp wrote: There are certain scripts that I have that only I want to run, both from home and sometimes work. If I add something like this (below) to the scripts, will this keep out unauthorized use (if the scripts are found somehow), or can the REMOTE_ADDR be easily spoofed ?
You can send TCP/IP packets with fake return addresses fairly easily. But to take advantage of it in an attack against a web server is hard, I believe, as the HTTP response would get routed to the real address.
Just kinda thinking out loud... by why not limit access to the directory your scripts are in with .htaccess or IIS's authentication? That'd probably be a bit more secure than relying upon the REMOTE_ADDR.
Not an answer to your solution, but a suggestion that instead of writing out
a meta tag refresh you might want to do this instead:
header("Location: /index.php");
exit;
Chris
--
Chris Hope
The Electric Toolbox Ltd http://www.electrictoolbox.com/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Laphan |
last post by:
Hi All
I've been looking at having my Javascript file as an ASP one to try and stop
general prying eyes, eg:
<SCRIPT LANGUAGE="javascript" SRC="js-something.asp">
</SCRIPT>
and this seems...
|
by: wotan |
last post by:
We have an application that accesses a particular table, but it is
never updated. Without stepping through the complex application code,
is there a method of logging when a particular table is...
|
by: Daniel |
last post by:
Does anyone know how this can be done?
Thanks
|
by: Vani Murarka |
last post by:
Hi Everyone,
Does .NET offer any collection class which will give me objects last
*accessed* such that I may build a least-recently-used cache that
kills off objects that haven't been used for...
|
by: Caveman |
last post by:
I wonder if anyone has any hard fact based pro or contra, especially on
performance, about having views as opposed to tables when the object is
being accessed for read only by multiple...
|
by: Markus Enders |
last post by:
Hi everybody,
we are using version 7 of db2 and need to replicate a database. We are
using two web-based systems, which access two different databases. One
system is used for import data...
|
by: Bangalore |
last post by:
Hi,
In the following program, eventhogh two member function declared under
private section of the derived class are accessable by derived class
pointer.
Please clarify me how can derived class...
|
by: Simon Harvey |
last post by:
Hi everyone,
We have a need to make a Windows Forms (2.0) client application that
will be installed on our clients site.
The data that the application uses needs to be centrally available to a...
|
by: =?Utf-8?B?TWlrZQ==?= |
last post by:
Hi.
In VB.NET, is it possible to determine whether an ASP.NET is being accessed
internally (within the same domain hosting the application) or externally
(across the internet)? I've looked at...
|
by: tshad |
last post by:
I am trying to get access to a file that may still being written because the
file is so large (7-10MB).
I get an error:
The process cannot access the file 'c:\TestDocs\XMLFiles\492172.XML'...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |