On Tuesday 01 September 2015 08:58:30 Daniel-Constantin Mierla wrote:
> if($rd!=$fd) { send_reply("403", "Call outside the domain"); exit; }
What is stopping people from setting $fd to the desired domain? Isn't $ad a better var. for this, since it isn't dependent on user-supplied data (well, it is, but then authentication will fail)? Otherwise $fd should be used for the authentication challenge/response.
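
The ordering raised in the last sentence above, as an added example that is not part of the original thread: the From domain is used as the digest realm, so by the time $rd is compared with $fd the sender has authenticated against that domain. It assumes the auth, auth_db and sl modules are loaded and that credentials live in the stock "subscriber" table.

```kamailio
# Added illustration, not configuration from the thread.
# Assumes loadmodule "sl.so", "auth.so" and "auth_db.so" appear earlier in
# the file and that auth_db is pointed at the default "subscriber" table.
request_route {
    if (is_method("INVITE")) {
        # Step 1: digest authentication with the From domain as realm.
        # Flag "1" additionally requires the auth username to match the
        # From user, so the From header has to agree with the credentials.
        if (!auth_check("$fd", "subscriber", "1")) {
            # No credentials or bad credentials: challenge for realm $fd.
            auth_challenge("$fd", "0");
            exit;
        }

        # Do not forward the verified credentials downstream.
        consume_credentials();

        # Step 2: only now compare the request domain with the From domain.
        # A sender who sets $fd to another domain must also hold valid
        # credentials for that realm, otherwise step 1 has already
        # stopped the request.
        if ($rd != $fd) {
            send_reply("403", "Call outside the domain");
            exit;
        }
    }

    # ... remaining routing logic (relay, location lookup) goes here ...
}
```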