in reply to how to add a refer to LWP::UserAgent

or, without the tact (at least as I understood it) displayed by Joost: re "faking...."

OK, I can think of legit reasons but I can also think of lots of blackhattery, chapeau-noir, etc for which this information might be potentially used.

update Fletch and Joost make valid points below. Guess that all that's left in defense (and it needs it) of this observation is my belief that many||most web aps are VERY poorly secured. So while I agree with Fletch's assessment of blame, I don't think that's the end of the chain of victims -- clueless users, like my Grandparent or yours, wanna-be-webmasters who haven't had the exposure to the school of hardknocks that some||many monks have endured (and profitted from) and so on... ie, the very folk to whom Joost 's phrase --- "good security measures..." --- is a complete mystery.

  • Comment on Re: how to add a refer to LWP::UserAgent

Replies are listed 'Best First'.
Re^2: how to add a refer to LWP::UserAgent
by Fletch (Bishop) on May 22, 2006 at 19:45 UTC

    Anyone whose web application is compromised because they trusted the contents of the referrer header has only themselves to blame.

Re^2: how to add a refer to LWP::UserAgent
by Joost (Canon) on May 22, 2006 at 19:53 UTC
    Haha. Well, I just wasn't thinking straight (for some reason I kept substituting "location" for "referer")

    Actually, I can't really think of any good security measures that can be messed with by faking referer headers. The few times I've had to fake them myself was for automating really badly "secured" web apps. Usually all you'll mess up are website statistics - which are unreliable anyway.