WebApp Sec mailing list archives

Re: HTTP REFERER not set in Internet Explorer


From: Greg Skouby <gskouby () sitesnow com>
Date: Wed, 16 Nov 2005 20:03:50 -0500

On Wed, Nov 16, 2005 at 08:16:33AM -0800, Saqib Ali wrote:
> Hello,

<snip>

> Because of some security concerns I need the HTTP_REFERER to be set
> correctly. If it is not possible, I will have to restrict my users to
> a Mozilla based browser.


Because this is a list about web app security I feel the need to point this out.
Do not use HTTP_REFERER in any capacity as a "security check." Many tools
exist out there that allow users to customize HTTP_REFERER.

I am not quite sure that Saqib was going to do this but I thought I would make the
point.


--Greg
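
The point made in the message above, as an added example that is not part of the original post: a check on HTTP_REFERER accepts whatever the client sends and rejects browsers that omit the header, while a server-issued token bound to the session behaves correctly in both cases. The origin `app.example.test`, the session id, the function names and the sample requests are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)          # per-deployment secret (constructed)
TRUSTED_PREFIX = "https://app.example.test/"  # hypothetical site origin


def referer_check(environ):
    """Weak check: trusts a request header the client fully controls."""
    return environ.get("HTTP_REFERER", "").startswith(TRUSTED_PREFIX)


def issue_token(session_id):
    """Value the server embeds in its own form, bound to the server-side session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id, form):
    """Stronger check: ignores HTTP_REFERER and verifies the server-issued value."""
    supplied = form.get("token", "").encode()
    return hmac.compare_digest(supplied, issue_token(session_id).encode())


def evaluate(environ, session_id, form):
    """Run both checks on one request so the difference is visible side by side."""
    return {"referer": referer_check(environ),
            "token": token_check(session_id, form)}


# Constructed sample requests, using CGI/WSGI-style environ dicts.
SESSION = "sess-1234"
no_referer_env = {}                                   # browser sent no Referer
legit_form = {"token": issue_token(SESSION)}          # form rendered by the server
client_set_env = {"HTTP_REFERER": TRUSTED_PREFIX + "account"}  # header chosen by client
guessed_form = {"token": "0" * 64}                    # no valid token available

if __name__ == "__main__":
    print("legit user, no Referer :", evaluate(no_referer_env, SESSION, legit_form))
    print("client-supplied Referer:", evaluate(client_set_env, SESSION, guessed_form))
```

The legitimate request without a Referer fails the header check but passes the token check; the request with a client-chosen Referer does the opposite.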

