On Mon, 10 Dec 2001 18:43:55 +1100, da Silva, Joe wrote:

> Hi folks.
> I have a question about referrer security, which hopefully someone
> here can answer ...
> I have been told this stuff is implemented by the web site asking
> the web client (PC), what was the last entry in the client's cache
> or history. Is this true, and if so, can the web site request more
> than just the last entry in the client's cache or history? In other
> words, how much of a security risk is this referrer stuff?

AFAIK, it is not a "security risk". It is a "security help" by preventing "remote linking" of files.

HTTPreferrer does not look into your cache. Your browser tells the site you are requesting... which site you are currently on.

To test it with Arachne... turn off HTTPreferrer and try to get any of the ZIP files from my D/L page. (link in my signature) Even tho you are linking to the file from my page... you'll get the "no remote linking allowed" warning page from Angelfire.

Now turn on HTTPreferrer and you'll be able to D/L the file.

-- 
Glenn
http://arachne.cz/
http://freedos-32.sourceforge.net/
http://www.delorie.com/listserv/mime/
http://www.angelfire.com/id/glenndoom/download.htm
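
As an added example (not part of the original post, and not Angelfire's actual code), the remote-linking check described above can be sketched as a server-side test on the `Referer` header that the browser sends with each request. The function names, the allowed-host list and the ZIP path are assumptions, and the requests are constructed.

```python
from urllib.parse import urlsplit

# Assumption: only pages on this host may link to the downloads.
ALLOWED_HOSTS = {"www.angelfire.com"}

def parse_headers(raw_request: str) -> dict:
    """Return the request headers as a dict keyed by lower-cased name."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def remote_linking_check(raw_request: str, allowed=ALLOWED_HOSTS) -> str:
    """Return 'serve' or 'deny' using only the client-supplied Referer.

    The server never reads the client's cache or history: it sees one
    header value, and only if the browser chooses to send it.
    """
    referer = parse_headers(raw_request).get("referer")
    if not referer:
        return "deny"                            # header switched off
    try:
        parts = urlsplit(referer)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "deny"                            # malformed URL
    # Compare the exact host, not a substring of the whole URL.
    if parts.scheme not in ("http", "https") or host not in allowed:
        return "deny"
    return "serve"

def build_request(path: str, referer=None) -> str:
    """Build a constructed HTTP/1.0 request for the examples below."""
    lines = [f"GET {path} HTTP/1.0", "Host: www.angelfire.com"]
    if referer is not None:
        lines.append(f"Referer: {referer}")
    return "\r\n".join(lines) + "\r\n\r\n"

ZIP_PATH = "/id/glenndoom/EXAMPLE.ZIP"           # constructed placeholder
DL_PAGE = "http://www.angelfire.com/id/glenndoom/download.htm"

if __name__ == "__main__":
    for ref in (None, DL_PAGE, "http://other.example/links.htm"):
        print(ref, "->", remote_linking_check(build_request(ZIP_PATH, ref)))
```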
