We actually just use Google for this, via URLs like http://www.google.com/url?sa=D&q=http%3A%2F%2Fseleniumhq.org%2F .

--David

On Jun 8, 2009, at 10:00 PM, Allen Tom wrote:

SitG Admin wrote:

It could also detect people who are browsing through proxies (or modified browsers) to strip the referer information for their privacy.

Many organizations run proxies to strip the referrer from outgoing requests because of privacy issues.

Also, checking that the referrer's domain matches the return_to could be problematic for RPs that run multiple domains, but have a centralized OpenID RP service. Another problematic scenario is where the RP integrates with a 3rd party to implement OpenID authentication, such as Janrain's RPX or Google Friend Connect.

Allen

_______________________________________________
security mailing list
[email protected]
http://openid.net/mailman/listinfo/security

