I suggest you read this article:
http://www.thesamet.com/blog/2007/01/16/prepare-for-attack%e2%80%94making-your-web-applications-more-secure/

It is about web security, especially the XSRF section. It states there that some of the browsers do not send the referer header.

Nandi

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arne-Kolja Bachstein
Sent: Monday, February 05, 2007 1:17 PM
To: jQuery Discussion.
Subject: Re: [jQuery] Securing AJAX/PHP against direct calls?

halfer wrote:
> Checking the referrer in the HTTP header is about as much as you can do,
> although of course this can be faked by individual users. This approach will
> prevent other sites using your AJAX service however, as they would be
> unlikely to be able to fake the referrer provided by their users, which of
> course you can detect and then refuse to serve data.
>

hi halfer,

but is the referrer still correct when sending it via js? is the referrer the javascript file itself then or the web page it is accessing?

greets,
arne

_______________________________________________
jQuery mailing list
discuss@jquery.com
http://jquery.com/discuss/
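
The two points raised in this thread (a Referer can be faked by an individual client, and some browsers do not send it at all) shown as a server-side check; this is an added PHP example, not code from any poster in the thread. Pairing the Referer check with a per-session token is a technique added here, and the host name, the `ajax_token` field and the sample requests are constructed assumptions.

```php
<?php
// Added example: every name and sample value below is constructed.

// Classify the Referer header against the host that serves the page.
function referer_verdict(?string $referer, string $expectedHost): string
{
    if ($referer === null || $referer === '') {
        return 'absent';            // some browsers and proxies omit the header
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return 'cross-site';        // unparsable value: treat as foreign
    }
    return strcasecmp($host, $expectedHost) === 0 ? 'same-site' : 'cross-site';
}

// Decide whether the AJAX endpoint should serve this request.
// Real use: allow_ajax_request($_SERVER, $_SESSION, $_POST, 'www.example.com'),
// with the token stored in the session when the page is rendered.
function allow_ajax_request(array $server, array $session, array $post, string $expectedHost): bool
{
    // A Referer that names another site is a reliable reason to refuse.
    if (referer_verdict($server['HTTP_REFERER'] ?? null, $expectedHost) === 'cross-site') {
        return false;
    }
    // An absent or matching Referer proves nothing by itself (it may be
    // stripped or forged), so the session-bound token makes the decision.
    $expected = $session['ajax_token'] ?? '';
    $supplied = $post['ajax_token'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed sample requests against a constructed host.
$token   = bin2hex(random_bytes(16));
$session = ['ajax_token' => $token];
$page    = 'http://www.example.com/app/index.php';
$cases   = [
    'same-site referer, valid token'  => [['HTTP_REFERER' => $page], ['ajax_token' => $token]],
    'no referer, valid token'         => [[], ['ajax_token' => $token]],
    'no referer, no token'            => [[], []],
    'forged same-site referer only'   => [['HTTP_REFERER' => $page], []],
    'cross-site referer, valid token' => [['HTTP_REFERER' => 'http://other.example/'], ['ajax_token' => $token]],
];
foreach ($cases as $label => [$server, $post]) {
    $ok = allow_ajax_request($server, $session, $post, 'www.example.com');
    printf("%-32s => %s\n", $label, $ok ? 'serve' : 'refuse');
}
```

The first two cases are served and the last three refused, so a browser that omits the Referer still works while a direct call carrying only a forged header does not.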