[nycphp-talk] javascript calling php function

csnyder chsnyder at gmail.com
Fri Feb 22 10:09:35 EST 2008


On Fri, Feb 22, 2008 at 9:34 AM, Guilherme Blanco
<guilhermeblanco at gmail.com> wrote:
> Just one point...
>
>  NEVER trust HTTP_REFERER.
>
>  You can change the HTTP_REFERER in a simple curl request.
>  I didn't read the thread entirely, but suggesting that a user check the
>  referer is never a good thing.
>

Right, you can't trust the referer if you fear scripted attacks.

John, is that what you were talking about, or was it something more
abstract and SEO-related?

I was picturing people using the open redirect to take advantage of
your page rank by causing your site to link to theirs.

-- 
Chris Snyder
http://chxo.com/
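
Added example, not part of the original post: one way to close the open redirect discussed above without consulting the Referer header, by validating the requested target on the server. The function name, the allowlisted hosts and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Hosts this site is willing to redirect to (constructed placeholder values).
const ALLOWED_REDIRECT_HOSTS = ['example.org', 'www.example.org'];

/**
 * Return $requested if it is a local path or an http(s) URL on an allowlisted
 * host; otherwise return $fallback. The decision uses only the target itself:
 * $_SERVER['HTTP_REFERER'] is client-supplied and plays no part in it.
 */
function safe_redirect_target(string $requested, string $fallback = '/'): string
{
    // Reject empty input, whitespace, control characters and backslashes
    // (some browsers treat "\" as "/", turning "/\host" into "//host").
    if ($requested === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $requested)) {
        return $fallback;
    }
    // Local path: one leading slash only, since "//host/..." is scheme-relative.
    if ($requested[0] === '/') {
        $schemeRelative = strlen($requested) > 1 && $requested[1] === '/';
        return $schemeRelative ? $fallback : $requested;
    }
    $parts = parse_url($requested);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    // Userinfo makes "https://example.org@other.test/" look like a trusted host.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_REDIRECT_HOSTS, true)) {
        return $fallback;
    }
    return $requested;
}

// Constructed sample inputs covering the accepted and rejected cases.
$samples = [
    '/account/settings',
    'https://www.example.org/docs',
    '//other.test/landing',
    'https://example.org@other.test/',
    'https://other.test/?page=example.org',
    'javascript:alert(1)',
];
foreach ($samples as $candidate) {
    printf("%-40s => %s\n", $candidate, safe_redirect_target($candidate));
}
```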


