[nycphp-talk] javascript calling php function
csnyder
chsnyder at gmail.com
Fri Feb 22 10:09:35 EST 2008
On Fri, Feb 22, 2008 at 9:34 AM, Guilherme Blanco
<guilhermeblanco at gmail.com> wrote:
> Just one point...
>
> NEVER trust HTTP_REFERER.
>
> You can change the HTTP_REFERER in a simple curl request.
> I didn't read the thread entirely, but suggesting that a user check the
> referer is never a good thing.
>
Right, you can't trust the referer if you fear scripted attacks.
John, is that what you were talking about, or was it something more
abstract and SEO-related?
I was picturing people using the open redirect to take advantage of
your page rank by causing your site to link to theirs.
--
Chris Snyder
http://chxo.com/