[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] Could this be a possible Security Hole?

To: minivend-users@minivend.com
Subject: Re: [mv] Could this be a possible Security Hole?
From: Stefan Hornburg <racke@linuxia.net>
Date: 03 Nov 1999 02:01:35 +0100
In-Reply-To: "Brian T. Allen"'s message of "Tue, 2 Nov 1999 17:13:13 -0700"
References: <00ed01bf251c$467d6c00$02010061@oemcomputer> <001001bf2590$386c4040$33d182cc@purenetfx.com>
Sender: Stefan Hornburg <racke@gundel.han.de>

"Brian T. Allen" <brian@purenetfx.com> writes:

> ******    message to minivend-users from "Brian T. Allen" <brian@purenetfx.com>     ******
> 
> The best way around this that I know is to check the HTTP_REFERER and make
> sure the page actually resides on your site before doing anything critical
> (like checkout).

Isn't HTTP_REFERER set by the client ? Then nothing should depend on it.

Bye
        Racke

-- 
LinuXia - Solutions of Cool Competence - Internetprogramming and more
D-30163 Hannover, Waldstraße 4, 0511-3941290 (http://www.linuxia.net/)
Wir realisieren Onlineshops mit Minivend (http://www.minivend.com)
und MiniMate (http://www.linuxia.net/minimate/).

References:
- Could this be a possible Security Hole?
  - From: "vic777" <vic777@primenet.com>
- Re: [mv] Could this be a possible Security Hole?
  - From: "Brian T. Allen" <brian@purenetfx.com>

Prev by Date: Re: [mv] Could this be a possible Security Hole?
Next by Date: Can't create /order.number:Permission denied.
Prev by thread: Re: [mv] Could this be a possible Security Hole?
Next by thread: Re: [mv] Could this be a possible Security Hole?
Index(es):
- Date
- Thread