Re: [PHP] header() vs HTTP_REFERER (Netscape 6)

[Yasuo Ohgaki]

HTTP_REFERER is set by browser. I treat HTTP_REFERER header as user input, so I don't trust it. Using HTTP_REFERER can open security hole in your web site. I suggest to change your authentication code, so that you don't rely on HTTP_REFERER. Regards, -- Yasuo Ohgaki ""Scott Fletcher"" <[EMAIL PROTECTED]> wrote in message 9a2cpr$5d0$[EMAIL PROTECTED]">news:9a2cpr$5d0$[EMAIL PROTECTED]... > I had now found the problem. The website that have been in use for a > while work pretty well with IE and Netscape Navigator. Until NS6 came, > that's when the website start having some problem. > The website use the login page and any web pages after logging are > controlled by the security check. Security check is made of scripts that > check to be sure there is no direct access attempt and it also use the cache > expiration, etc. > So, I noticed when I use the HTTP_REFERER on every web pages as part of > the security check, it work pretty well. However, when I use the php code, > "header();" and automatically go to the next web page, the HTTP_REFERER > can't recieve data from the last page that use the php code, "header();". > It only affected NS6, it doesn't affected IE and Netscape Navigator. > > Why is that? What is the work-around to this problem? > > Thanks, > Scott > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]