[VPM] link 'bot' protection

mock mock at obscurity.org
Mon Feb 23 20:09:01 PST 2009


On Mon, Feb 23, 2009 at 05:05:43PM -0800, Jer A wrote:
> 
> 
> Thank you for your response.
> 
> What can I also do to prevent cross-site scripting... e.g., if someone finds the HTML code that references the form CGI script... and calls it from their own site, for example... is there anything in Perl that would allow client computers access (e.g. surfers), but block other domains (websites)?
> 

REST is your friend (don't use GET in stateful contexts) and use a token
passing scheme to prevent credential replay attacks.  Both these things will
make your life significantly more annoying when designing your app, but will
save your ass in the long run.
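
The two suggestions in the reply above (no state changes over GET, plus a token passed with the form), sketched as an added example that is not part of the original post. The secret, lifetime, session ids and function names are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumed values: a server-side secret (placeholder) and a token lifetime.
my $SECRET   = 'replace-with-random-server-side-secret';
my $LIFETIME = 900;    # seconds

# Token = "<issued-at>:<HMAC(session_id|issued-at)>", sent to the browser as a
# hidden form field. A page on another site cannot read it, so it cannot
# build a request the CGI script will accept.
sub issue_token {
    my ($session_id, $now) = @_;
    $now //= time;
    return "$now:" . hmac_sha256_hex("$session_id|$now", $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Allow a state-changing request only if it is a POST that carries a fresh
# token bound to the caller's session.
sub request_allowed {
    my ($method, $session_id, $token, $now) = @_;
    $now //= time;
    return 0 unless uc($method // '') eq 'POST';    # GET never changes state
    return 0 unless defined $token && $token =~ /\A(\d{1,12}):([0-9a-f]{64})\z/;
    my ($issued, $mac) = ($1, $2);
    return 0 if $issued > $now || $now - $issued > $LIFETIME;    # stale or future-dated
    return constant_time_eq($mac, hmac_sha256_hex("$session_id|$issued", $SECRET));
}

# Constructed sample requests (timestamps and session ids are made up).
my $t0    = 1_235_448_541;
my $token = issue_token('sess-abc', $t0);
printf "%-30s %d\n", @$_ for (
    [ 'POST with own token',     request_allowed('POST', 'sess-abc', $token, $t0 + 60) ],
    [ 'same token over GET',     request_allowed('GET',  'sess-abc', $token, $t0 + 60) ],
    [ 'token from other session', request_allowed('POST', 'sess-xyz', $token, $t0 + 60) ],
    [ 'token after lifetime',    request_allowed('POST', 'sess-abc', $token, $t0 + 901) ],
    [ 'forged MAC',              request_allowed('POST', 'sess-abc', "$t0:" . ('0' x 64), $t0 + 60) ],
);
```

This token is stateless, so it narrows replay to one session and the lifetime window; rejecting a second use of the same token requires recording issued tokens on the server.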


