Re: Validating user referring host
From: Jonas Kongslund (dont_at_mail.me.at.all)
Date: 11/20/03
- In reply to: Mark F: "Validating user referring host"
Date: Thu, 20 Nov 2003 02:07:34 +0100
Mark F wrote:
> What is the best way to ensure that a user who is entering your
> application can only come to it through a particular server.
Please elaborate on this. I'm not quite sure I understand your question.
> We were using a tomcat
> filter to check the refer string, parsing out the hostname, but that does
> not seem to be reliable.
Indeed, that is not very reliable. Anybody can fake the referer header and
clients are not obligated to send it at all.
See section 10.34 of the HTTP/1.1 specification:
<http://www.w3.org/Protocols/HTTP/1.1/spec.html#Referer>
-- Jonas Kongslund
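
Added example, not part of the original message or of the poster's filter: a stand-alone Java sketch of the host check such a filter performs, run over constructed Referer values to show what the result can and cannot establish. The host name `portal.example.com`, the class name and all sample values are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Map;

public class RefererCheckDemo {
    // Assumed name of the server users are meant to arrive from.
    static final String EXPECTED_HOST = "portal.example.com";

    enum Result { MATCH, MISMATCH, ABSENT, UNPARSEABLE }

    // Parse the host out of a Referer value and compare it with EXPECTED_HOST.
    static Result checkReferer(String referer) {
        if (referer == null || referer.isEmpty()) {
            return Result.ABSENT; // clients are not obligated to send the header
        }
        try {
            String host = new URI(referer).getHost();
            if (host == null) {
                return Result.UNPARSEABLE; // relative or opaque value, no host part
            }
            // Compare the whole host; prefix or substring matching would accept
            // portal.example.com.other.example as well.
            return host.equalsIgnoreCase(EXPECTED_HOST) ? Result.MATCH : Result.MISMATCH;
        } catch (URISyntaxException e) {
            return Result.UNPARSEABLE;
        }
    }

    public static void main(String[] args) {
        // Constructed header values, keyed by who produced them.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("browser that followed the link", "http://portal.example.com/start");
        samples.put("client that set the header itself", "http://portal.example.com/start");
        samples.put("client that sent no header", null);
        samples.put("look-alike host name", "http://portal.example.com.other.example/");
        samples.put("expected name in userinfo", "http://portal.example.com@other.example/");
        samples.put("not a URL", "portal.example.com");

        for (Map.Entry<String, String> s : samples.entrySet()) {
            System.out.printf("%-36s %-45s %s%n", s.getKey(), s.getValue(), checkReferer(s.getValue()));
        }
        // The first two rows are byte-identical on the wire and both give MATCH:
        // the filter sees only what the client chose to send.
    }
}
```

A MATCH therefore says only that the request carried that header value, and ABSENT covers legitimate users whose client or proxy strips the header.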