Re: HTTP_REFERER

It's probably a good thing you can't access it. {grin}

REFERER is not to be trusted. Fine to use it as a hint. Fine to log it. But do not do anything with it other than look at it.

Some security firewalls strip it routinely
Some browsers send incorrect values
It's trivial to forge

If you find yourself uttering "control" or "security" or "verify" in the same sentence as REFERER, please stop yourself now. Don't make me come over there! {grin}

-- Randal L. Schwartz, Perl hacker

Comment on Re: HTTP_REFERER

Replies are listed 'Best First'.
RE: Re: HTTP_REFERER by Anonymous Monk on Aug 16, 2000 at 09:52 UTC
I am not using this for any security measures and am aware of the risks involved. I am only using the script to get a rough idea of where people who come to a site (low hit count) are entering from. I view the file every once and awhile. I was also testing the concept of a web bug. Those annoying pixel sized images that some companies are using to get data on a user. The concept is very simple and my script helped me learn how it is done. Thanks for the help and concern for others privacy.	[reply]

Replies are listed 'Best First'.

RE: Re: HTTP_REFERER
by Anonymous Monk on Aug 16, 2000 at 09:52 UTC

I am not using this for any security measures and am aware of the risks involved. I am only using the script to get a rough idea of where people who come to a site (low hit count) are entering from. I view the file every once and awhile. I was also testing the concept of a web bug. Those annoying pixel sized images that some companies are using to get data on a user. The concept is very simple and my script helped me learn how it is done. Thanks for the help and concern for others privacy.

[reply]