I have recently been using a Perl mailer script (this was due to the web host not having PHP grrr...) and I have noticed that it includes a feature where it will only execute if the domain it is coming from is the same as it has on file. Is it necessary to implement such a feature in my PHP mail/database scripts? I'm guessing this is how you would do it:
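<?php
// Get config file including trusted domain/IP
include('includes/config.php');
// The Referer header is a full URL and may be absent, so extract only its host
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$refererHost = parse_url($referer, PHP_URL_HOST);
// Do the comparison (host names are case-insensitive)
if (is_string($refererHost) && strcasecmp($refererHost, $trustedip) === 0)
{
    // execute the script
}
else
{
    print("There has been an error, the server addresses do not match please contact the Administrator");
}
?>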
Or is PHP inherently resistant to attacks like this?
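An added example, not part of the original post: the Referer value is sent by the client and is sometimes missing, so a host match works only as a coarse filter, and the sketch below pairs it with a per-session form token that the mailer verifies. `TRUSTED_HOST`, the `form_token` field name and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example. TRUSTED_HOST and the 'form_token' field are assumptions.
const TRUSTED_HOST = 'www.example.com';

// Coarse filter: true only if a Referer is present and its host matches.
function referer_host_matches(array $server, string $trustedHost): bool
{
    if (empty($server['HTTP_REFERER'])) {
        return false; // the header is optional and may be stripped in transit
    }
    $host = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $trustedHost) === 0;
}

// Called when the form page is rendered: store a random token in the session
// and emit the returned value in a hidden form field.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Called by the mailer: the token is single-use and compared in constant time.
function form_token_valid(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    unset($session['form_token']);
    $given = $post['form_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Constructed sample requests; in a real script pass $_SERVER, $_SESSION, $_POST.
$session = [];
$token = issue_form_token($session);
$page = 'http://www.example.com/contact.html';
$requests = [
    'own form, token present'  => [['HTTP_REFERER' => $page], ['form_token' => $token]],
    'matching referer only'    => [['HTTP_REFERER' => $page], []],
    'no referer, no token'     => [[], []],
];
foreach ($requests as $label => [$server, $post]) {
    $s = $session; // every sample request is checked against the same stored token
    $refererOk = referer_host_matches($server, TRUSTED_HOST);
    $tokenOk = form_token_valid($s, $post);
    printf("%-26s referer=%-5s token=%-5s accept=%s\n", $label,
        var_export($refererOk, true), var_export($tokenOk, true),
        var_export($refererOk && $tokenOk, true));
}
```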