473,397 Members | 2,116 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > passing variables/security issues

Join Bytes to post your question to a community of 473,397 software developers and data experts.

Passing Variables/Security Issues

1
Hi

I am new to this web site and fairly new to PHP so I apologise if my description of the problem I have is not that clear.

I am basically trying to set up a third party PHP script that uses a variable to display an image. The thing is my site was set up with a mixture .shtml and .cgi and I don't know how to include the PHP script in them.

The solution I have come up with is to have the PHP script included as an iframe and the variable passed in the url:

www.mydomain.com/script.php?image=imagename.gif

This works perfectly but since I pay for each image display it is open to abuse as anyone could link to the script and use my account to display these images on their site. It is unlikely but you can't discount these things happening.

So my questions are:

1. Is there a script or way to make it so these images can only be used on my domain? If this is possible it needs to be so the parent frame is on the same domain too.

2. Is there a way to hide the url or encode it so that my site knows whats going on but people can't link to my script and use my account?

3. Any other suggestions for a fix?

I would post the code I am using here but I don't think its that relevant as I am more interested in fixing the integration rather than change the script.

Thanks for any help, I hope my description was clear enough.
Nov 28 '06 #1
2 1168
answer to 1, use $_SERVER['HTTP_REFERER']
Nov 28 '06 #2
ronverdonk
4,258 Expert 4TB
HTTP_REFERRER cannot be trusted to be correct. Some providers do not make this available to users, mine included. See PHP doc on this at Predefined Variables

'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
As to your question 2: ever thought of using a POST structure, like with cURL?

Ronald :cool:
Nov 28 '06 #3

Sign in to post your reply or Sign up for a free account.

Similar topics

1
Passing Parameters to a Web Page Script
by: JD | last post by:
I posted this earlier and it disappeared from the NewsGroup I want to pass two parameters to a simple script running on my web server. The script "parpass.php" looks like this: <?php echo...
PHP
9
Session Variables Persist Across Window Close on Mac IE 4.5 and Greater
by: Pack Fan | last post by:
I've noticed that session variables will persist on Mac IE even after all browser windows have been closed. One must quit the program to clear the session variables. This presents a security risk...
ASP / Active Server Pages
3
passing values in a setTimeout function
by: domeceo | last post by:
can anyone tell me why I cannot pass values in a setTimeout function whenever I use this function it says "menu is undefined" after th alert. function imgOff(menu, num) { if (document.images) {...
Javascript
11
Key-passing from PHP to TCL CGI script - how is it done (web security issue)?
by: comp.lang.php | last post by:
On one of my sites, I have a TCL CGI script that has a security hole in spite of it having effective server-side validation (the fact that it's CGI IS its security hole). The front end is a PHP...
PHP
7
passing param to xslt styleseet problem
by: Harolds | last post by:
The code below worked in VS 2003 & dotnet framework 1.1 but now in VS 2005 the pmID is evaluated to "" instead of what the value is set to: .... xmlItems.Document = pmXML // Add the pmID...
.NET Framework
2
Passing values to a Web Page
by: Fabrizio | last post by:
HI, i need to pass a value from a Web Page to another in ASP.NET, eg. i want to keep the user name from a login page and diplay to next page . What should I use? Thanks, fabrizio
C# / C Sharp
5
How secure are session variables?
by: VB Programmer | last post by:
I often use session variables to store the user's security level, and other important info. How secure are session variables? Can someone decrypt it and get the information? (This would be...
ASP.NET
26
Warning - AVOID SESSION VARIABLES
by: BillE | last post by:
Some ASP.NET applications use Session Variables extensively to maintain state. These should be re-written to use viewstate, hidden fields, querystring, etc. instead. This is because if a user...
ASP.NET
17
Query SQL using variables.
by: R.Rafii | last post by:
Hi, I have a simple (?) question for you all experts. I have a button that performs a query on my SQL and fill a datagrid on the form The code: Dim sconn As New SqlConnection()...
Visual Basic .NET
87
Why are variables stored on the stack?
by: CJ | last post by:
Hello: We know that C programs are often vulnerable to buffer overflows which overwrite the stack. But my question is: Why does C insist on storing local variables on the stack in the first...
C / C++
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!