Denzil Kruse wrote:
> Hi,
>
> I want to know the web site that someone came from,
> and so I was planning on reading $ENV{'HTTP_REFERER'}
> to figure it out. How reliable is that? Do browsers
> or other situations block it or obfuscate it? Is
> there another way to do it or any other issues
> involved? I'm using apache on red hat.
>
> Thanks,
> Denzil
>
Depends on your definition of reliable. From experience it would seem
most browsers set it pretty reliably.
Having said that, it is just a value passed as part of the HTTP request
so anyone can spoof it at anytime, so relying on it from a security
stand point, well, isn't secure.
I imagine if you are doing something where someone can benefit from
obfuscating it, they will. If you want to use it for ease of UI
handling (aka redirects, prepopulating fields, marketing metrics) I
think you are safe.
HTH,
http://danconia.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
