> The discussion is about preventing the users machine being "attacked" > unknowingly. A user faking a referer themselves isn't going to be a problem, > as not only would they be authorizing the action, but they'd be going out of > their way to make sure it got through. Read up on the first post to see what > this discussion is actually about. Popular software that strips out Referer headers is utilised by many users. They're not faking the Referer, but they're certainly not sending it. So, again, relying on that header for pretty much anything is not much of an idea. jason
- Cross-Site Request Forgeries (Re: The Dangers of... Peter W
- Re: Cross-Site Request Forgeries (Re: The D... Chris Lambert
- Re: The Dangers of Allowing Users to Post Images Chris Lambert
- Re: The Dangers of Allowing Users to Post I... Ryan Kennedy
- Re: The Dangers of Allowing Users to Post Images Chris Lambert
- Re: The Dangers of Allowing Users to Post Images David Dreezer
- Re: The Dangers of Allowing Users to Post Images Chris Lambert
- Re: The Dangers of Allowing Users to Post Images Chris Lambert
- Re: The Dangers of Allowing Users to Post I... Peter W
- Re: The Dangers of Allowing Users to Po... Jason Brooke
- Re: The Dangers of Allowing Users to Post Images Dmitry Yu. Bolkhovityanov
- Re: The Dangers of Allowing Users to Post Images Henrik Nordstrom
- Re: The Dangers of Allowing Users to Post Images John Percival
- Re: The Dangers of Allowing Users to Post I... Michal Szokolo
- Re: The Dangers of Allowing Users to Po... Travis Siegel
- Re: The Dangers of Allowing Users to Post I... Jeffrey W. Baker
