Re: Form Security

Posted by Chung Leong on 03/10/06 02:05

Justin Koivisto wrote:
> Chung Leong wrote:
> >
> > A check on HTTP_REFERER is actually sufficient too, since ordinary
> > users aren't going to be spoofing the Referer headers.
>
> Anyone that is running a firewall program like Norton's Personal
> Firewall won't send the referrer... There are a number of web proxies
> out there that do the same. Don't even bother with the HTTP_REFERER for
> anything.

If HTTP_REFERER is empty, then bypass the test. Really, one should
consider each scenario carefully instead of just blindly repeating some
axiom. In this case, making cross-site posting not functional a
majority of the time is sufficient in deterring sites from doing it.
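
The check discussed in this post, sketched as an added example (not code from the thread or from either poster): a form POST is tested against the Referer only when the header is present, and the host is compared exactly rather than by substring. The function name `check_form_referer`, the allowed-host list and the sample requests are hypothetical.

```php
<?php
// Added example; function name, hosts and sample requests are hypothetical.

/**
 * Classify a form POST by its Referer header.
 * Returns 'allow', 'allow-no-referer' or 'reject'.
 */
function check_form_referer(array $server, array $allowedHosts): string
{
    $referer = trim($server['HTTP_REFERER'] ?? '');

    // Personal firewalls and some proxies strip the header entirely;
    // in that case the test is bypassed, as the post describes.
    if ($referer === '') {
        return 'allow-no-referer';
    }

    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return 'reject'; // present but not a usable absolute URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return 'reject';
    }

    // Exact host match: a substring test would also accept
    // "www.example.com.other.test" or "other.test/?u=www.example.com".
    $host = strtolower(rtrim($parts['host'], '.'));
    return in_array($host, $allowedHosts, true) ? 'allow' : 'reject';
}

// Constructed sample requests (only the relevant $_SERVER key is shown).
$allowed = ['www.example.com', 'example.com'];
$samples = [
    'same site'       => ['HTTP_REFERER' => 'https://www.example.com/contact.php'],
    'header stripped' => [],
    'other site'      => ['HTTP_REFERER' => 'http://forms.other.test/post.html'],
    'lookalike host'  => ['HTTP_REFERER' => 'http://www.example.com.other.test/'],
    'host in query'   => ['HTTP_REFERER' => 'http://other.test/?u=www.example.com'],
    'malformed'       => ['HTTP_REFERER' => 'not a url'],
];
foreach ($samples as $label => $server) {
    printf("%-16s %s\n", $label, check_form_referer($server, $allowed));
}
```

The `allow-no-referer` result is kept distinct from `allow` so that submissions arriving without the header can be logged or counted separately.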

 
