|
|
Posted by gosha bine on 06/01/07 14:54
On 01.06.2007 16:25 e_matthes@hotmail.com wrote:
> Hello,
>
> I keep reading that $_SERVER['HTTP_REFERER'] can easily be faked. Is
> that true of all server variables, or just some of them? In
> particular, I'm wondering if server_port can be faked.
>
> I'm interested right now because I want to detect whether the current
> page request is using http or https. I realize there are other ways
> to ensure the correct delivery of pages over https using directory
> management and htaccess, but I also want to understand the server
> variables better.
>
$_SERVER is mixture of system environment variables (e.g "PATH") and CGI
variables (e.g. "REQUEST_METHOD"), including extracted request headers
(all "HTTP_" ones). The latter group can be easily "faked", because it
contains data that comes from the client, not from your local machine.
--
gosha bine
extended php parser ~ http://code.google.com/p/pihipi
blok ~ http://www.tagarga.com/blok
Navigation:
[Reply to this message]
|