On 15 Sep 98, at 9:20, Bruce Young wrote:
> >The rerferer can be spoofed; it's not foolproof.
>
> This is what I was after. I'm aware of all the environment variables but I
> wasn't sure what I could rely on to provide some semblance of security for
> the script. If you could send me a private email outlining the general
> method that the spoofing is done by I would then be more aware of what to
> lookout for and guard against. I don't need hacker lessons, just need to be
> made more aware.
Look at Mike Stone's response; great answer. I don't know whether
.htaccess will work on NT but it should. If it doesn't then there
must be a similar concept.
I don't know how to do the spoofing -- never had a reason to learn.
I know it is possible because I once sent emails to everyone based on
the referer. I deleted a file from my server. I then intercepted
the errror response. I would send an email to the webmaster at the
site indicated by the referer. That was a lot of fun. One time a guy
in Atlanta called me on the phone. A lot of knowledgeable webmasters
replied that the referer could not be counted on. Apparently a lot
of "spam spiders" were requesting that page and they were using all
sorts of "referers".
Peter
____________________________________________________________________
--------------------------------------------------------------------
Join The Web Consultants Association : Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
If you lose the instructions All subscription/unsubscribing can be done
directly from our website for all our lists.
---------------------------------------------------------------------
