Re: Can http_referer be spoofed
From: Mr Carter (Yacko_at_NoSpam.cox.net)
Date: 03/03/04
- In reply to: Buddy Ackerman: "Can http_referer be spoofed"
Date: Tue, 2 Mar 2004 21:58:16 -0600
Rule #1: Never trust anything you get from the user. All data is considered
harmful until it is validated.
i.e., yes, anyone can modify the header and post it back to you.
An encrypted cookie does not protect the data; that's what SSL is for.
Hope that helps!
"Buddy Ackerman" <a.ackerman@comcast.net> wrote in message
news:%23Go7FUKAEHA.3248@TK2MSFTNGP11.phx.gbl...
> Is there a way to spoof the referer? One security measure that I want to
> implement is checking to make sure that a request came from a page on my
> site. In the same vein, is it also possible to spoof the remote_host server
> variable? Would using an encrypted cookie be the best way to secure data
> being passed back and forth between the client and the server?
>
>
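The point of the reply above, as an added example that is not part of the original thread: a Referer check passes for any client that types the header in, while a form token the server signs with a secret key does not. The names `SERVER_KEY`, `SITE_PREFIX`, `form_token` and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # assumption: server-side secret, never sent to the client
SITE_PREFIX = "https://shop.example/"  # constructed site URL


def referer_check(headers):
    """Weak check: the Referer header is whatever the client chose to send."""
    return headers.get("Referer", "").startswith(SITE_PREFIX)


def _mac(session_id, nonce):
    """HMAC-SHA256 over the session id and nonce, keyed with the server secret."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_form_token(session_id):
    """Token the server embeds in the pages it renders for this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_check(session_id, token):
    """Strong check: recompute the MAC; only the key holder can produce it."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_post(headers, session_id, form):
    """Report which of the two checks a request passes."""
    return {
        "referer_ok": referer_check(headers),
        "token_ok": token_check(session_id, form.get("form_token")),
    }


# Constructed sample requests for one session.
SESSION = "sess-1234"
genuine = handle_post({"Referer": SITE_PREFIX + "cart"}, SESSION,
                      {"form_token": issue_form_token(SESSION)})
# Request from a hand-written client: Referer typed in, token made up.
handcrafted = handle_post({"Referer": SITE_PREFIX + "cart"}, SESSION,
                          {"form_token": "00" * 16 + "." + "00" * 32})

if __name__ == "__main__":
    print("genuine:    ", genuine)
    print("handcrafted:", handcrafted)
```

Both requests pass the Referer check; only the one carrying a token issued by the server for that session passes the token check.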