I have my new rail program for a few days. I am running it on second place at Ubuntu 10.4 in Apta 2 , From the website created for it (this is a standalone database application for physical practitioners). For those I have created it, they want me to deploy it in the public part of my website, with only one change Those who open it through a link in the public part, they will not be able to click on a button!
I was thinking of doing something in my thoughts like this:
& lt;% if session [: inside]% & gt; & Lt;% = button_to 'hundred mælitæki', @ link_to_mt% & gt; & Lt;% end% & gt; How can I just set the session [: inside] if the program starts from within the personal part of the webpage? I had thought of creating two new tasks, the second session would make [: inside] true and the other false, but I think it is like a security risk, is not it?
BR, Sindri
You can use the referrer.
Note that this is not a bulletproof solution and there are many plugins (such as for Firefox) which removes the referrer from every request.
& lt;% If requesting .referer.start_with? "Your.internal.site"%> & Lt;% = button_to 'hundred mælitæki', @ link_to_mt% & gt; & Lt;% end% & gt; What does the button do? Is this a big security risk if it appears by accident?
Comments
Post a Comment