PerlMonks  

Re: SF_form_secure

by gellyfish (Monsignor)
on Oct 24, 2006 at 11:31 UTC (#580241)


in reply to SF_form_secure

I get nervous when I see HTTP_REFER and (unqualified) security mentioned together.

Leaving aside the fact that the Referer header is trivially spoofed in a client, many "personal firewalls", proxies and other internet security software will remove or otherwise anonymise the Referer header: the HTTP Specification makes the suggestion that it might be removed.

Beyond that it's not exactly clear how this might be used.

/J\

Re^2: SF_form_secure
by SFLEX (Chaplain) on Oct 24, 2006 at 12:02 UTC
    I know all too well the many ways referers can be spoofed. This is why the code has settings that can change what you want to check for a page. The main action that should be used is the QUERY_STRING encoding, which can secure the data in the QUERY_STRING from being tampered with. The QUERY_STRING encoding can be checked alone, or if you want to increase the security check you can give a matching referer and/or check the referer encoding, which was the last QUERY_STRING encoding.
    1) This code can be used to stop anyone from tampering with your URLs.
    2) This code can be used to secure one page to another.
    3) This code can be used to add an expiration to links made.
    4) This code can be used to allow the link encoding to work only for the one that requested it.
    It has more uses....
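The tamper-evident QUERY_STRING with an expiry that SFLEX describes can be built on a keyed MAC rather than on any Referer check. The following is an added example, not SF_form_secure's own code: it uses core Perl's Digest::SHA, and the secret value, parameter names (`exp`, `sig`) and sample parameters are constructed assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);   # core module since Perl 5.10

# Constructed secret for the example; a real deployment loads it from outside the code.
my $SECRET = 'example-secret-change-me';

sub esc   { my $s = shift; $s =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord $1)/ge; $s }
sub unesc { my $s = shift; $s =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge; $s }

# Canonical form: sorted, percent-encoded key=value pairs, so reordering cannot evade the MAC.
sub canonical { my $p = shift; join '&', map { esc($_) . '=' . esc($p->{$_}) } sort keys %$p }

# Bind the parameters and an expiry time ('exp') to a keyed HMAC-SHA256 ('sig').
sub sign_query {
    my ($params, $ttl, $now) = @_;
    $now //= time;
    my %p = (%$params, exp => $now + $ttl);
    my $canon = canonical(\%p);
    return $canon . '&sig=' . hmac_sha256_hex($canon, $SECRET);
}

# Returns (1, \%params) for an untampered, unexpired link, else (0, $reason).
sub verify_query {
    my ($query, $now) = @_;
    $now //= time;
    my %p;
    for my $pair (split /&/, $query) {
        my ($k, $v) = split /=/, $pair, 2;
        $p{ unesc($k) } = unesc($v // '');
    }
    my $sig = delete $p{sig};
    return (0, 'missing signature') unless defined $sig;
    my $expected = hmac_sha256_hex(canonical(\%p), $SECRET);
    # Constant-time comparison: timing must not reveal how many bytes matched.
    return (0, 'bad signature') if length($sig) != length($expected);
    my $diff = 0;
    $diff |= ord(substr($sig, $_, 1)) ^ ord(substr($expected, $_, 1)) for 0 .. length($sig) - 1;
    return (0, 'bad signature') if $diff;
    return (0, 'link expired') unless defined $p{exp} && $p{exp} =~ /^\d+$/ && $p{exp} >= $now;
    return (1, \%p);
}

my $q = sign_query({ page => 'account', id => 42 }, 300);   # link valid for 5 minutes
my ($ok, $why) = verify_query($q);
print $ok ? "valid link\n" : "rejected: $why\n";
(my $tampered = $q) =~ s/id=42/id=43/;                       # edit one parameter
($ok, $why) = verify_query($tampered);
print $ok ? "valid link\n" : "rejected: $why\n";
```

The signature covers the expiry as well as the parameters, so neither the values nor the lifetime of a link can be changed by the client, and nothing depends on the Referer header being present or honest.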
