homepage Welcome to WebmasterWorld Guest from 50.19.172.0
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Using SERVER'HTTP REFERER' in login redirect?
Ahkamden

5+ Year Member



 
Msg#: 4127791 posted 9:48 pm on May 5, 2010 (gmt 0)

Hi...I know how it's parsed up there isn't right but when I did a search with correct syntax it stripped some out...

So I wanted to know if there's any major risk in using http_referer for when someone logs in? I've read it can be spoofed but it's only used for members of the script, not admins. Is there a glaring security risk with using this?

 

eelixduppy

WebmasterWorld Senior Member eelixduppy us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4127791 posted 9:57 pm on May 5, 2010 (gmt 0)

It should be fine. If you want, you can take extra precaution and redirect only within your website, and if it's anywhere else (or the referrer doesn't exist in the first place) redirect to a predefined location.

Ahkamden

5+ Year Member



 
Msg#: 4127791 posted 10:15 pm on May 5, 2010 (gmt 0)

thanks eelix, can you possibly point me in the general direction of how it checks the url to do that?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved