> -----Original Message----- > From: ian [mailto:[EMAIL PROTECTED]
> which says, if it's not blank, and doesn't come from ...quux-corp..., then > forbid access. However, one could have a blank referrer and gain access to > *.gif. It makes no mention of what to do if the referrer _is_ blank. TO > correct this problem, I made the following modification to line 2: In addition, I should point out that you shouldn't be using this for real security. It is just as easy for the client to fake http://www.quux-corp.de/~quux/ in the browser as it is for him to fake a blank browser. This technique should only be used to stop people from inlining images. In that case, the person doing the inlining does not have control over the browsers, since they are the visitors to his site. Therefore you need only block the basic cases. If you try to block every single case, you will wind up with a site that does not work for many people, plus you won't really have security anyway. Joshua. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
