Re: Security Issue - Urgent

Christopher K. St. John Mon, 10 Dec 2001 22:39:09 -0800

Vikramjit Singh wrote:
>
> > since this wasn't his audit, he
> > shouldn't have been able to see these details.
>
> check whether the referrer for the page.
> request.getHeader("REFERRER");
>


 (A) request.getHeader('Referer'). Yes, it's supposed
     to be misspelled.

 (B) It's very easy to spoof headers, so checking the
     Referer header doesn't actually provide any
     security.


---
Christopher St. John [EMAIL PROTECTED]
DistribuTopia http://www.distributopia.com

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://archives.java.sun.com/jsp-interest.html
 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.jsp
 http://www.jguru.com/faq/index.jsp
 http://www.jspinsider.com

Re: Security Issue - Urgent

Reply via email to