Alex,
In add and modify cgi's the referrers are checked after the pre hooks are done, and the control has passed to the subroutine.
Shouldn't that really be happening right after (or even before) the user authentication?
I understand that superficially it looks good to save the data, and output the bad error message on top of it, _BUT_ if the referrer is bad, they are not going to be able to use that form instance to input the data, so there is no reason to try to 'save' that data (the referrer is bad).
It's also a potential source for hacking, since they at least get a shot at the pre-hook processor before being bounced.
I know it's a small thing... but why waste the CPU, or take any risk, at all if the referrer is bad?
PUGDOGŪ
PUGDOGŪ Enterprises, Inc.
FAQ: http://postcards.com/FAQ
In add and modify cgi's the referrers are checked after the pre hooks are done, and the control has passed to the subroutine.
Shouldn't that really be happening right after (or even before) the user authentication?
I understand that superficially it looks good to save the data, and output the bad error message on top of it, _BUT_ if the referrer is bad, they are not going to be able to use that form instance to input the data, so there is no reason to try to 'save' that data (the referrer is bad).
It's also a potential source for hacking, since they at least get a shot at the pre-hook processor before being bounced.
I know it's a small thing... but why waste the CPU, or take any risk, at all if the referrer is bad?
PUGDOGŪ
PUGDOGŪ Enterprises, Inc.
FAQ: http://postcards.com/FAQ