On Tuesday 01 September 2015 08:58:30 Daniel-Constantin Mierla wrote:
> if($rd!=$fd) {
>     send_reply("403", "Call outside the domain");
>     exit;
> }
What is stopping people from setting $fd to the desired domain? Isn't $ad
a better var. for this, since it isn't dependent on user-supplied data (well, it
is, but then authentication will fail)? Otherwise $fd should be used for
authentication challenge/response.
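
Added example, not part of the original message or of either poster's configuration: a Kamailio routing fragment showing the second option raised above, where $fd is used as the digest realm so that the domain comparison only runs once $fd is backed by a successful authentication. It assumes the auth and auth_db modules are loaded with credentials in the default "subscriber" table; the 403 reply is the one from the quoted snippet.

```kamailio
# Added example. Assumptions: auth.so, auth_db.so and a DB module are
# loaded and configured; users are provisioned in table "subscriber".

request_route {
    if (is_method("INVITE")) {
        # Weak ordering (the quoted check on its own): $fd comes straight
        # from the From header, so the sender chooses its value.
        #
        #   if ($rd != $fd) { send_reply("403", ...); exit; }
        #
        # Stronger ordering: authenticate first, with $fd as the realm.
        # auth_check() looks up credentials for that realm in the
        # subscriber table; flag "1" also makes it check that the
        # authentication username matches the From username (To for
        # REGISTER).
        if (!auth_check("$fd", "subscriber", "1")) {
            # No or bad credentials for this realm: challenge and stop.
            auth_challenge("$fd", "0");
            exit;
        }

        # From here on the request carried valid credentials for realm
        # $fd, so comparing the R-URI domain against it is no longer a
        # comparison against a value the caller can pick freely.
        if ($rd != $fd) {
            send_reply("403", "Call outside the domain");
            exit;
        }

        # Drop the Authorization header before relaying.
        consume_credentials();
    }

    # ... remaining routing logic ...
}
```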