Posted by Dan Rossi on 03/18/05 13:06

Hi there I am building a syndicate feed system for a client, it is
based on referer checking and a id is passed over, I could do what I do
with the expired url and generate a random string of some sort to login
the user automatically, but then it relies on the third party to have
php. I have tested with a referer spoofing app, and its true, it will
still let you through if you end up putting in the correct referring
domain which is join via the database. Is there another way around this
?

• Next in thread: Referer checking is able to be referer spoofed
• Next in forum: Re: [PHP] Reading all headers sent
• Prev in forum: Reading all headers sent
• Thread view: Referer checking is able to be referer spoofed

[Reply to this message]