Referer Buys You Nothing

geekerati · 02-06-2005, 12:14 AM

Chris Shiflett's Blog: Referer Buys You Nothing
2.04.2005 07:59:42 CST

Quote:

I am very surprised at how often I see Referer checking being mentioned as a safeguard against form spoofing. I can't properly express how completely useless this is. I've even had people try to argue with me, convinced that this is a sound technique.

Too many systems use this kind of authentication to ensure that the posted value comes from their own site, but, as he mentions, that is too easily spoofed. His suggestion for a added bit of security? Make a key in a hidden attribute that's unique to that loading of the form but can still be checked once the values are submitted.

PHP Developer

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Adobe Buys Macromedia	HHH The Game	General Discussion	1	05-15-2006 08:56 AM
Google buys Measure Map	geekerati	Other Google Features	1	02-16-2006 05:02 PM
Google buys Dodgeball	geekerati	All About Google	7	05-14-2005 03:01 AM
Google buys Urchin	geekerati	Other Google Features	1	04-13-2005 09:34 PM
Look out, Google: Microsoft Buys Looksmart	intelliot	Gmail Forum	10	07-21-2004 02:32 AM

GoogleCommunity Sponsor
Use coupon "forum" for 50% Off!


Sponsored Links