php-general | 2001032

Re: [PHP] header() vs HTTP_REFERER (Netscape 6)
From: Yasuo Ohgaki (yohgaki <email protected>)
Date: 03/30/01

HTTP_REFERER is set by the browser. I treat the HTTP_REFERER header as user input, so I
don't trust it. Using HTTP_REFERER can open a security hole in your web site.

I suggest changing your authentication code so that you don't rely on
HTTP_REFERER.

Regards,

--
Yasuo Ohgaki

"Scott Fletcher" <scott <email protected>> wrote in message
news:9a2cpr$5d0$1 <email protected>
> I have now found the problem. The website that has been in use for a
> while works pretty well with IE and Netscape Navigator. Until NS6 came,
> that's when the website started having some problems.
> The website uses the login page, and any web pages after logging in are
> controlled by the security check. The security check is made of scripts that
> check to be sure there is no direct access attempt, and it also uses the cache
> expiration, etc.
> So, I noticed when I use the HTTP_REFERER on every web page as part of
> the security check, it works pretty well. However, when I use the php code,
> "header();" and automatically go to the next web page, the HTTP_REFERER
> can't receive data from the last page that uses the php code, "header();".
> It only affects NS6, it doesn't affect IE and Netscape Navigator.
>
> Why is that? What is the work-around to this problem?
>
> Thanks,
> Scott
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-general-unsubscribe <email protected>
> For additional commands, e-mail: php-general-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>

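The two kinds of check discussed in this thread, side by side, as an added example that is not part of the original messages: the Referer-based check from the question and one way to do a session-based check, run over three constructed requests. The function names, the `user_id` and `last_seen` session keys, the idle limit and the host `example.test` are assumptions; on a real page the arrays would be `$_SERVER` and `$_SESSION` after `session_start()`.

```php
<?php
// Added example, not code from the thread. Function names, the session keys
// and the host example.test are assumptions made for illustration.

// Weak check (the approach described in the question): trusts a header
// that the client supplies and may omit or set to any value.
function referer_check(array $server): bool
{
    $ref  = $server['HTTP_REFERER'] ?? '';
    $host = parse_url($ref, PHP_URL_HOST);
    return $host === 'example.test';
}

// Check that does not read request headers at all: the decision uses
// state the server itself stored when the user logged in.
function session_check(array $session, int $now, int $idleLimit = 900): bool
{
    if (!isset($session['user_id'], $session['last_seen'])) {
        return false;                                     // never logged in
    }
    return ($now - $session['last_seen']) <= $idleLimit;  // idle timeout
}

// Constructed requests (sample data, not captured traffic).
$now   = 1000000;
$cases = [
    'logged in, Referer missing after header() redirect' => [
        'server'  => [],
        'session' => ['user_id' => 42, 'last_seen' => $now - 30],
    ],
    'not logged in, Referer supplied by client' => [
        'server'  => ['HTTP_REFERER' => 'http://example.test/login.php'],
        'session' => [],
    ],
    'logged in, session idle too long' => [
        'server'  => ['HTTP_REFERER' => 'http://example.test/menu.php'],
        'session' => ['user_id' => 42, 'last_seen' => $now - 3600],
    ],
];

foreach ($cases as $label => $c) {
    printf("%-52s referer=%-5s session=%s\n", $label,
        var_export(referer_check($c['server']), true),
        var_export(session_check($c['session'], $now), true));
}
```

The first case is the Netscape 6 symptom from the question (a valid user rejected by the Referer check), and the second is the reason the reply treats the header as user input.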