On 03/30/2011 04:03 AM, Gaurav Kalia wrote:
May still allow an attacker to spoof the dns name - or are you using
an ip address?
Yes attacker can spoof the DNS but match pattern with not allow the
request to go through as it will check the referer with our own DNS.
I guess referer contains the DNS from which the request is coming not
the DNS on which application is deployed.
Please suggest if i am wrong.
Referrer is user provided data. It can be easily spoofed. You should not
use the referrer for any sort of security.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@lenya.apache.org
For additional commands, e-mail: user-h...@lenya.apache.org
