tags:

views:

3

answers:

0
Q: 

Source Site Based Authentication

What's the best way to authenticate where a request is coming from? I want my application to redirect to a standard message page if the request didn't come from a defined web page.
Requirements:
PHP
Users have to be able to define the source, eg. set up database records defining valid source pages.
This doesn't have to be super secure, just thwart that average user.

I've looked into using $_SERVER['HTTP_REFERER'] value, but seen posts here suggesting this is a bad idea. What's better?

Thanks in advance, John

related questions

Basic HTTP Authentication on iPhone
Can I coerce Apache into not including a WWW-Authenticate header for failed HTTP Basic Auth?
How do I keep Firefox from prompting for username/password with HTTP Basic Auth with JQuery AJAX?
Apache .htaccess password protect with relative path
HTTP Authentication Headers for IIS windows authentication
How can an Ajax callback realize that a user's authenticated session has timed out?
IIS as reverse proxy
Designing a web api: How to authenticate?
Authenticating to Google Search Appliance using Basic HTTP auth and ASP.NET (VB)
How do I secure authentication but not the payload?
HTTP Digest Authentication versus SSL
What should we implement to authorize clients to use our web service?
Handling http authenticated urls from elisp
Flex 3 - how to support HTTP Authentication URLRequest?
HTTP Basic Authentication with HTTPService Objects in Adobe Flex/AIR
How does wininet handle cookies
IIS7 and Authentication problems
Apache/.htaccess - password-protecting a domain but whitelisting certain URIs within it
Why is the http auth UI so poor in browsers?
WCF WebHttp Mixed Authentication (Basic AND Anonymous)
HTTP Authentication (Basic or Digest) in ASP Classic via IIS
Can I use HTTP Basic Authentication with Django?
Kerberos and T125 protocol
How can I supress the browser's authentication dialog?
GreaseMonkey script to auto login using HTTP authentication