At 10:18 07/06/01, Aaron Craig wrote:
>remote_host is not the same as HTTP_REFERER, is it? -- http referral is
>the address of the server where the page lives that the person clicked on
>to arrive at the CGI script. It should also be treated with a grain of
>salt, as the information it provides can easily be manipulated and forged
>to make it look like the request is coming from a different computer. You
>shouldn't use http referral alone for security, for instance.

Hi all,
I've seen a few references to this spoofing of HTTP_REFERER -- how is it
accomplished?
(Asking not so that I can do it myself ;-) but to ascertain whether the
circumstances / requirements are such that this danger is of relevance to
my application.)
Thanks,
Mo
Mo Holkar
Undying King Games
[EMAIL PROTECTED]
http://www.ukg.co.uk
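
Added example, not part of the original messages: HTTP_REFERER is filled in from the Referer request header, which is text chosen by the client, so a check on it cannot distinguish a visitor who came from the form page from a client that merely says so. The sketch below compares that check with a server-issued HMAC token as the CGI script would see both; the site URL, secret, field names and session id are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: server-side secret, never sent to the client (constructed value).
SECRET = b"constructed-demo-secret"
TRUSTED_PREFIX = "http://www.example.com/"  # hypothetical site hosting the form


def referer_check(environ):
    """Weak check: trusts HTTP_REFERER, which is copied from a request header."""
    return environ.get("HTTP_REFERER", "").startswith(TRUSTED_PREFIX)


def issue_token(session_id):
    """Token embedded in the form as a hidden field when the page is served."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id, submitted_token):
    """Stronger check: a valid token cannot be computed without SECRET."""
    expected = issue_token(session_id)
    return hmac.compare_digest(expected, submitted_token or "")


def handle(environ, form):
    """Return the verdict of each check for one request."""
    return {
        "referer": referer_check(environ),
        "token": token_check(form.get("session", ""), form.get("token", "")),
    }


# Constructed requests as the CGI script would see them.
genuine = handle(
    {"HTTP_REFERER": "http://www.example.com/form.html"},
    {"session": "abc123", "token": issue_token("abc123")},
)
# From a client that never loaded the form: the header value is identical,
# so the Referer check passes, while the token it could not obtain fails.
forged = handle(
    {"HTTP_REFERER": "http://www.example.com/form.html"},
    {"session": "abc123", "token": "0" * 64},
)

if __name__ == "__main__":
    print("genuine:", genuine)
    print("forged: ", forged)
```

Whether the weakness matters depends on what the Referer check is protecting: it is adequate for statistics or for discouraging casual hot-linking, but not as the only gate in front of an action or data that needs authorisation.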