MiniVend Akopia Services


Re: [mv] Could this be a possible Security Hole?



> The best way around this that I know is to check the HTTP_REFERER and make
> sure the page actually resides on your site before doing anything critical
> (like checkout).

A lot of browsers now allow users to disable the HTTP_REFERER
variable (and it's spoofable anyhow).  If you decide to use it anyway,
you may want to display a message telling people who don't have this
environment setting why things aren't working for them.

Chris
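
The check discussed in this thread, as an added example that is not part of the original post or of MiniVend: it treats a missing HTTP_REFERER separately from an off-site one, so the visitor can be told why checkout is refused. The host names, message text and function names are assumptions made for illustration, and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Assumed host names for the shop (hypothetical; replace with your own).
SITE_HOSTS = {"shop.example.com", "www.example.com"}

MISSING_MSG = ("Your browser did not send a Referer header, so we could not "
               "confirm this request came from our order pages. Please "
               "enable it, or start checkout again from the basket page.")
OFFSITE_MSG = "This request did not come from a page on our site."


def classify_referer(environ, site_hosts=SITE_HOSTS):
    """Return 'missing', 'same-site' or 'off-site' for a CGI-style environ."""
    raw = (environ.get("HTTP_REFERER") or "").strip()
    if not raw:
        # Header disabled or stripped by the browser: not evidence of abuse.
        return "missing"
    try:
        parts = urlsplit(raw)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "off-site"          # unparseable value, treat as foreign
    if parts.scheme not in ("http", "https") or not host:
        return "off-site"
    # Compare the parsed host exactly; a substring or prefix test would also
    # accept a foreign host that merely contains the shop's name.
    return "same-site" if host in site_hosts else "off-site"


def gate_checkout(environ):
    """Return (allowed, message_for_user) for a critical action."""
    verdict = classify_referer(environ)
    if verdict == "same-site":
        # The client controls this header, so a match is only a hint.
        return True, ""
    if verdict == "missing":
        return False, MISSING_MSG
    return False, OFFSITE_MSG


if __name__ == "__main__":
    # Constructed sample requests.
    for env in ({}, {"HTTP_REFERER": "http://shop.example.com/basket"},
                {"HTTP_REFERER": "http://shop.example.com.other.test/x"}):
        print(env.get("HTTP_REFERER"), "->", gate_checkout(env))
```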

