It's thoroughly unreliable even if not spoofed.  Some browsers won't set it,
some proxies will mask it or strip it out.

Jaime Metcher

> -----Original Message-----
> From: Eric J. Hoffman [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 9 May 2007 1:02 PM
> To: CF-Talk
> Subject: RE: defeating offline form posts
>
>
> That's where I started....but the thing is, I think they can spoof that
> variable?  Or not?
>
>
>
> --------------------------------------------------------
>
>
> Eric J. Hoffman
> Managing Partner
> 2081 Industrial Blvd
> Stillwater MN 55082
> mail: [EMAIL PROTECTED]
> www: http://www.ejhassociates.com
> tel: 651.717.4105
> fax: 651.717.4101
> mob: 651.245.2717
> Adobe Solutions Partner
> Microsoft Certified Partner
>
> --------------------------------------------------------
>
> This message contains confidential information and is intended
> only for [EMAIL PROTECTED] If you are not
> cf-talk@houseoffusion.com you should not disseminate, distribute
> or copy this e-mail. Please notify [EMAIL PROTECTED]
> immediately by e-mail if you have received this e-mail by mistake
> and delete this e-mail from your system. E-mail transmission
> cannot be guaranteed to be secure or error-free as information
> could be intercepted, corrupted, lost, destroyed, arrive late or
> incomplete, or contain viruses. Eric J. Hoffman therefore does
> not accept liability for any errors or omissions in the contents
> of this message, which arise as a result of e-mail transmission.
> If verification is required please request a hard-copy version.
> --------------------------------------------------------
>
> -----Original Message-----
>
> From: AJ Mercer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 08, 2007 9:53 PM
> To: CF-Talk
> Subject: Re: defeating offline form posts
>
> Have a look at the CGI variables
> in particular CGI.HTTP_REFERER
> This is the page before the current one - it should have your server details
> in there, otherwise discard.
>
>
> On 5/9/07, Eric J. Hoffman <[EMAIL PROTECTED]> wrote:
> >
> > Curious question here.   If I think about this, if someone takes a form
> > of ours for login, for example, and makes a local copy on their
> > machine....and they set the post action to be the live server
> > authenticate file....what is the best way to detect this and defeat it?
> > No one has ever gained access this way as of yet, but we are studying
> > possibilities, and this seems to me to be an attack vector.
> >
> >
> >
> > Any thoughts?    A check to see if the referrer was the domain
> > name/login file name?   Or can that be spoofed as well then?
> >
> >
> >
> > Thanks~!
> >
> >
> >
> >
>
>
>
> 

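The two approaches discussed in the thread side by side, as an added example that is not part of the original messages: a Referer-based verdict, which can only say "ok", "foreign" or "missing" and has to be treated as a signal rather than a decision, and a per-session form token that a saved offline copy of the login form cannot supply. The example is Python rather than CFML, and the host name, session and request dicts are constructed stand-ins for whatever the real web framework provides.

```python
"""Referer check vs. per-session form token for rejecting form posts that
did not originate from our own login page.

Added example, not code from the CF-Talk thread; the request/session dicts
and host names are constructed stand-ins for a real web framework.
"""
import hmac
import secrets
from urllib.parse import urlsplit

OUR_HOSTS = {"www.example.test"}  # constructed; the application's own host(s)


def referer_verdict(headers, allowed_hosts=OUR_HOSTS):
    """Classify a request by its Referer header.

    Returns "ok" when the Referer names one of our hosts, "foreign" when it
    names another host (or has none, e.g. file:// URLs), and "missing" when
    the header is absent or empty. The caller must decide what to do with
    "missing": rejecting it locks out every browser and proxy that strips
    the header, accepting it gives the check no teeth. That is why the
    check alone is a weak control.
    """
    ref = headers.get("Referer", "")
    if not ref:
        return "missing"
    host = urlsplit(ref).hostname
    return "ok" if host in allowed_hosts else "foreign"


def issue_form_token(session):
    """Mint a random token, store it in the server-side session and return it
    so the login page can embed it as a hidden field."""
    token = secrets.token_hex(16)
    session["form_token"] = token
    return token


def form_token_is_valid(session, posted):
    """True only if the posted field matches the token minted for this
    session. A copy of the form saved to disk carries, at best, a token for
    a session that has since expired, so it cannot produce a valid post."""
    expected = session.get("form_token")
    if not expected or not posted:
        return False
    return hmac.compare_digest(expected, posted)


def handle_login_post(session, headers, form):
    """Decision for one POST to the authenticate page.

    The Referer verdict is returned so it can be logged as a signal, but
    the token is what decides.
    """
    verdict = referer_verdict(headers)
    if not form_token_is_valid(session, form.get("form_token")):
        return "reject", verdict
    # Only now would the real handler check the username and password.
    return "accept", verdict


def demo():
    """Constructed requests illustrating the cases raised in the thread."""
    session = {}
    token = issue_form_token(session)
    genuine = handle_login_post(
        session,
        {"Referer": "https://www.example.test/login.cfm"},
        {"username": "alice", "password": "hunter2", "form_token": token},
    )
    offline_copy = handle_login_post(
        session,
        {"Referer": "file:///C:/Users/x/login.html"},
        {"username": "alice", "password": "guess1"},
    )
    spoofed_referer = handle_login_post(
        session,
        {"Referer": "https://www.example.test/login.cfm"},  # header forged, no token
        {"username": "alice", "password": "guess2", "form_token": "deadbeef"},
    )
    privacy_proxy = handle_login_post(
        session,
        {},  # Referer stripped by a proxy or browser setting, token intact
        {"username": "alice", "password": "hunter2", "form_token": token},
    )
    return genuine, offline_copy, spoofed_referer, privacy_proxy


if __name__ == "__main__":
    names = ("genuine", "offline copy", "spoofed referer", "privacy proxy")
    for name, result in zip(names, demo()):
        print(f"{name:16s} -> {result}")
```

The last two constructed cases are the ones Jaime's reply is about: a forged Referer passes the header check but still fails on the token, and a legitimate user behind a header-stripping proxy still gets in because the token, not the header, makes the decision.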

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277374
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
