/    Sign up×
Community /Pin to ProfileBookmark

web service spoofing

Copy linkTweet thisAlerts:
Aug 24.2007

if i were accepting posts (similar to paypal in how they check for ipn validity), is there anyway to spoof which domain the request is coming from?

i am trying to use the domain i get the request from as the unique id for that account.

anyone done anything similar?

to post a comment
PHP

2 Comments(s)

Copy linkTweet thisAlerts:
@ellisglAug 24.2007 — You can spoof a referrer - the link is an article and discussion on how to protect against it.

http://shiflett.org/blog/2005/feb/referer-buys-you-nothing
Copy linkTweet thisAlerts:
@JDM71488authorAug 24.2007 — i know about referer spoofing and user agent spoofing, but i was thinking of something like this:

mysite.com/server (accepts posts from other domains)

a.com/ (posts (curls) info to mysite.com/server)

b.com/ (posts (curls) info to mysite.com/server)

is there any way for a someone to spoof requests coming from a.com or b.com?

if so, i will not authenticate by domain, but by an 32 bit md5 string.

many thanks!
×

Success!

Help @JDM71488 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 6.17,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @nearjob,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,
)...