PerlMonks  

Re: SF_form_secure

by gellyfish (Monsignor)
on Oct 24, 2006 at 11:31 UTC (#580241)


in reply to SF_form_secure

I get nervous when I see HTTP_REFERER and (unqualified) security mentioned together.

Leaving aside the fact that the Referer header is trivially spoofed in a client, many "personal firewalls", proxies and other internet security software will remove or otherwise anonymise the Referer header: the HTTP Specification makes the suggestion that it might be removed.

Beyond that it's not exactly clear how this might be used.

/J\


Re^2: SF_form_secure
by SFLEX (Chaplain) on Oct 24, 2006 at 12:02 UTC
    I know all too well the many ways referers can be spoofed. This is why the code has settings that can change what you want to check for a page. The main action that should be used is the QUERY_STRING encoding, which can secure the data in the QUERY_STRING from being tampered with. The QUERY_STRING encoding can be checked alone, or if you want to increase the security check you can give a matching referer and/or check the referer encoding, which was the last QUERY_STRING encoding.

    1) This code can be used to stop anyone from tampering with your URLs.
    2) This code can be used to secure one page to another.
    3) This code can be used to add an expiration to links made.
    4) This code can be used to only allow the one that requested the link encoding to work for.

    Has more uses....
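The properties discussed in this thread (a tamper-evident query string, an expiry on links, and a link that only works for the requester) can be had without trusting the Referer header at all, by putting a keyed MAC in the URL. The following is an added example, not code from SF_form_secure or from either poster. The secret, the `exp` and `sig` parameter names, and the use of a session id to identify the requester are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed key for illustration; a real one is long, random and server-side only.
my $SECRET = 'replace-with-a-long-random-server-side-key';

# Append an expiry and an HMAC covering the query, the expiry and the session id.
sub sign_query {
    my ($query, $session_id, $ttl, $now) = @_;
    my $signed = "$query&exp=" . ($now + $ttl);
    my $mac    = hmac_sha256_hex("$session_id\n$signed", $SECRET);
    return "$signed&sig=$mac";
}

# Constant-time comparison: does not reveal how many leading characters matched.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Reject malformed, modified, wrong-session or expired links. The MAC is checked
# before the expiry so an attacker-supplied exp value is never trusted.
sub verify_query {
    my ($full, $session_id, $now) = @_;
    my ($signed, $expires, $mac) =
        $full =~ /\A(.*&exp=(\d+))&sig=([0-9a-f]{64})\z/s or return 0;
    my $expected = hmac_sha256_hex("$session_id\n$signed", $SECRET);
    return 0 unless secure_eq($mac, $expected);
    return $now <= $expires ? 1 : 0;
}

# Constructed sample data.
my $now  = 1161691260;
my $link = sign_query('action=delete&id=42', 'sess-A', 300, $now);
(my $tampered = $link) =~ s/id=42/id=43/;
for my $case (
    [ 'valid link',        verify_query($link,     'sess-A', $now + 10)  ],
    [ 'modified id',       verify_query($tampered, 'sess-A', $now + 10)  ],
    [ 'different session', verify_query($link,     'sess-B', $now + 10)  ],
    [ 'after expiry',      verify_query($link,     'sess-A', $now + 301) ],
) {
    printf "%-18s %s\n", $case->[0], $case->[1] ? 'accepted' : 'rejected';
}
```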
