/    Sign up×
Community /Pin to ProfileBookmark

checking if a GET/POST was made from my domain

Copy linkTweet thisAlerts:
Aug 23.2004

i want to check wheter a script that was accedd by the client
was from my domain :
what i mean is say i have a domain called
[url]www.mycoolestdomainonearth.com[/url]
and i have a 1.php script
and i have a flash program or a program that is written in JS and uses microsoftXMLHttp activeX to access that page!!!
how can i check that each of them is running in under my domain
[url]www.mycoolestdomainonearth.com[/url]
and not from html script in on the desktop!
(to check that the flash run’s in a browser or not isnt the problem!!!)
what can i do?
thnaks in advance
peleg

to post a comment
PHP

5 Comments(s)

Copy linkTweet thisAlerts:
@shimonAug 24.2004 — With Javascript you could presumably build in a check on location.href. There would, of course, be no way you could stop anyone manually removing that check on a downloaded version. Still, I'm not sure why on earth you would consider using Activex for anything.

As for Flash - maybe this is a tiny bit more secure. I can't remember the syntax but someone in a Flash/Actionscript forum will easily tell you the code for this - it's _root.Url or something, I believe. Happily, if you're going to use Flash anyway, you might want to look into ActionScript XMLSockets. Part of the built-in security model for that dictates that you can _only_ connect to the server on which the Flash file originates. So that may be exactly what you're looking for.
Copy linkTweet thisAlerts:
@pelegk1authorAug 27.2004 — that u can open the swf file and copy the code and send using xmlSocket what ever u like including a fake url
Copy linkTweet thisAlerts:
@schizoAug 27.2004 — Here's some ActionScript code I wrote to check the current URL fo the swf playing. As previously mentioned it is by no means fullproof (nothing is), but will provide some minor security nonetheless.

<i>
</i>/*
acceptedURL is a string value that should point to the .swf you wish to secure, not the .html file that it is embedded in
Example function call: secure("http://myserver/myFile.swf");
*/

function secure(acceptedURL)
{
_root.stop();
currentURL = _root._url;

<i> </i>if(currentURL != acceptedURL)
<i> </i>{
<i> </i> msg = "You are attempting to run this file from an unauthorized location. Please run from " + acceptedURL + " and try again.";
<i> </i> getURL("javascript:alert('"+msg+"')")
<i> </i> _root.unloadMovie();
<i> </i>}
<i> </i>else
<i> </i>{
<i> </i> _root.play();
<i> </i>}
}
Copy linkTweet thisAlerts:
@pelegk1authorAug 27.2004 — but the problem is that is vcery very easy to bypass this script
Copy linkTweet thisAlerts:
@schizoAug 27.2004 — [i]Originally posted by pelegk1 [/i]

[B]but the problem is that is vcery very easy to bypass this script [/B][/QUOTE]

Umm yeah. As I stated in my sentence above the code...
×

Success!

Help @pelegk1 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.28,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...