On Fri, Feb 22, 2008 at 9:34 AM, Guilherme Blanco <[EMAIL PROTECTED]> wrote: > Just one point... > > NEVER trust HTTP_REFERER. > > You can change the HTTP_REFERER in a simple curl request. > I didn't read the thread entirely, but suggest a user to check for > referer is never a good thing. >
Right, you can't trust the referer if you fear scripted attacks. John, is that what you were talking about, or was it something more abstract and seo-related? I was picturing people using the open redirect to take advantage of your page rank by causing your site to link to theirs. -- Chris Snyder http://chxo.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
