Re: HTTP Referrer and CFTOKEN

2013-06-10 Thread John M Bliss
That's fine. Typically, I'd do: <cfif not findnocase(The Referring Page URL, cgi.http_referer)> Do some stuff </cfif> On Mon, Jun 10, 2013 at 1:48 AM, Kevin Parker tras...@internode.on.net wrote: I'd be most grateful for a little bit of advice or comment on best security practice here please. I

Re: HTTP Referrer and CFTOKEN

2013-06-10 Thread Russ Michaels
You should be aware that referer will not always exist. Many anti malware apps or browser plugins block it. Russ Michaels www.michaels.me.uk On 10 Jun 2013 06:48, Kevin Parker tras...@internode.on.net wrote: I'd be most grateful for a little bit of advice or comment on best security practice

Re: HTTP Referrer and CFTOKEN

2013-06-10 Thread Dave Watts
I am coding a little system and I need to check where the user came from i.e. the user is coming from a given page on the site for security reasons etc. I scripted in some CGI.HTTP_REFERER checks but this was falling. This is not suitable for security checks, as the client can send whatever

Re: HTTP Referrer

2000-11-18 Thread John Foulds
CGI.HTTP_REFERER Note the single "r" in referer. I find the referer variable flakey and different OS's and Web Servers all a little different in the way they expose it. If you run into problems, try javascript instead, ie: stick this at the bottom of your template after your CF processing:

RE: HTTP Referrer

2000-11-18 Thread Rich Wild
Will, Use the variable CGI.http_referer (ie <cfoutput>#cgi.http_referer#</cfoutput> ) Remember this won't work if the user typed the address in the URL bar rather than clicking a link... Ed Zahurack believes this to be a security hole - depends what you are using it for IMO, go see:

Re: HTTP Referrer

2000-11-18 Thread John Foulds
CTED] Sent: Saturday, November 18, 2000 8:30 AM Subject: RE: HTTP Referrer Will, Use the variable CGI.http_referer (ie <cfoutput>#cgi.http_referer#</cfoutput> ) Remember this won't work if the user typed the address in the URL bar rather than clicking a link... Ed Zahurack believes this to be a sec

Re: HTTP Referrer

2000-11-18 Thread W Luke
Will, Use the variable CGI.http_referer (ie <cfoutput>#cgi.http_referer#</cfoutput> ) Remember this won't work if the user typed the address in the URL bar rather than clicking a link... Ed Zahurack believes this to be a security hole - depends what you are using it for IMO, go see:

Re: HTTP Referrer

2000-11-18 Thread Judith Taylor
Will, Relying on the referer to take a user back after logging in is Not A Good Idea(tm). Microsoft's IIS does not send the http_referer when not in a secure section of a site (e.g. https://) Here is the Microsoft article that tells of their reasoning...

Re: HTTP Referrer

2000-11-18 Thread W Luke
Relying on the referer to take a user back after logging in is Not A Good Idea(tm). Microsoft's IIS does not send the http_referer when not in a secure section of a site (e.g. https://) Here is the Microsoft article that tells of their reasoning...

Re: HTTP Referrer

2000-11-18 Thread Jim McAtee
the page in question at the same time as you verify the username and password. Jim -Original Message- From: W Luke [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Saturday, November 18, 2000 10:59 AM Subject: Re: HTTP Referrer Relying

RE: HTTP Referrer

2000-11-18 Thread Christopher Olive, CIO
ubject: Re: HTTP Referrer Will, Use the variable CGI.http_referer (ie <cfoutput>#cgi.http_referer#</cfoutput> ) Remember this won't work if the user typed the address in the URL bar rather than clicking a link... Ed Zahurack believes this to be a security hole - depends what you are using it f