On Mon, Dec 10, 2001 at 06:43:55PM +1100, da Silva, Joe wrote:
> I have a question about referrer security, which hopefully someone
> here can answer ...
>
> I have been told this stuff is implemented by the web site asking
> the web client (PC), what was the last entry in the client's cache
> or history. Is this true, and if so, can the web site request more
> than just the last entry in the client's cache or history? In other
> words, how much of a security risk is this referrer stuff?

The web server doesn't request anything. The web browser (client) adds another
request header to its request. Normally an HTTP request looks like this:

    GET / HTTP/1.1
    Host: www.arachne.cz
    User-Agent: SomeBrowser (BLABLA; BLA; BLA)
    Referer: http://www.google.com/

That's all. The server can't reach further back in the history, as it has no
control at all over referers.

-- 
Cliff Albert      | RIPE:  CA3348-RIPE | www.oisec.net
[EMAIL PROTECTED] | 6BONE: CA2-6BONE   | icq 18461740
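
What the server actually has to work with, as an added example that is not part of the original message: a small Python parser run over constructed raw requests, showing that Referer is a single optional header supplied by the client and that nothing else about the browsing history is in the request. The function names and the third sample URL are made up for illustration.

```python
import http.client
import io


def server_view(raw_request: bytes) -> dict:
    """Return everything a server can learn from one raw HTTP request."""
    fp = io.BytesIO(raw_request)
    # First line: method, request target, protocol version.
    request_line = fp.readline().decode("iso-8859-1").rstrip("\r\n")
    method, target, version = request_line.split(" ", 2)
    # Every line up to the blank line is a header the client chose to send.
    headers = http.client.parse_headers(fp)
    return {
        "method": method,
        "target": target,
        "version": version,
        "header_names": list(headers.keys()),
        # None when the client left the header out; the server cannot ask for it.
        "referer": headers.get("Referer"),
    }


def build_request(referer=None) -> bytes:
    """Construct a sample request shaped like the one in the message."""
    lines = [
        "GET / HTTP/1.1",
        "Host: www.arachne.cz",
        "User-Agent: SomeBrowser (BLABLA; BLA; BLA)",
    ]
    if referer is not None:
        lines.append(f"Referer: {referer}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1")


# Constructed sample inputs (not captured traffic).
FROM_MESSAGE = build_request("http://www.google.com/")
NO_REFERER = build_request()                      # client omits the header
CLIENT_CHOSEN = build_request("http://example.invalid/anything")

if __name__ == "__main__":
    for name, raw in [("from message", FROM_MESSAGE),
                      ("no referer", NO_REFERER),
                      ("client chosen", CLIENT_CHOSEN)]:
        print(name, "->", server_view(raw))
```

Because the value is whatever the client puts on the wire, a server should treat it as untrusted input rather than as proof of where a visitor came from.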
