WebApp Sec mailing list archives
Re: HTTP REFERER not set in Internet Explorer
From: Tobias Schlitt <tobias () schlitt info>
Date: Thu, 17 Nov 2005 12:35:36 +0100
Hi Saqib Ali! You wrote:
Because of some security concerns I need the HTTP_REFERER to be set correctly. If it is not possible, I will have to restrict my users to a Mozilla based browser.
Sorry to say, but are you sure the HTTP_REFERER header is a good way to secure your application? It's so easy fakeable. Just my 0.02. Cheers! Toby -- Tobias Schlitt - Zend Certified Engineer GPG Key: 0xA6529579 a passion for php http://www.schlitt.info Like to say "thank you"? - http://pear.php.net/wishlist.php/toby
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- HTTP REFERER not set in Internet Explorer Saqib Ali (Nov 16)
- Re: HTTP REFERER not set in Internet Explorer Marc Koschewski (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Tobias Schlitt (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Amit Klein (AKsecurity) (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Jonathan Angliss (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer George Johnson (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Chris Varenhorst (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Todd Hendricks (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Dean H. Saxe (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Greg Skouby (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Richard M. Smith (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Oleg Lecinski (Nov 17)
- <Possible follow-ups>
- RE: HTTP REFERER not set in Internet Explorer Amichai Shulman (Nov 17)
(Thread continues...)
- Re: HTTP REFERER not set in Internet Explorer Marc Koschewski (Nov 17)