Msg#: 4127791 posted 9:48 pm on May 5, 2010 (gmt 0)
Hi...I know how it's parsed up there isn't right but when I did a search with correct syntax it stripped some out...
So I wanted to know if there's any major risk in using http_referer for when someone logs in? I've read it can be spoofed but it's only used for members of the script, not admins. Is there a glaring security risk with using this?
Msg#: 4127791 posted 9:57 pm on May 5, 2010 (gmt 0)
It should be fine. If you want, you can take extra precaution and redirect only within your website, and if it's anywhere else (or the referrer doesn't exist in the first place) redirect to a predefined location.