homepage Welcome to WebmasterWorld Guest from 54.198.42.213
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Using SERVER'HTTP REFERER' in login redirect?
Ahkamden




msg:4127793
 9:48 pm on May 5, 2010 (gmt 0)

Hi...I know how it's parsed up there isn't right but when I did a search with correct syntax it stripped some out...

So I wanted to know if there's any major risk in using http_referer for when someone logs in? I've read it can be spoofed but it's only used for members of the script, not admins. Is there a glaring security risk with using this?

 

eelixduppy




msg:4127804
 9:57 pm on May 5, 2010 (gmt 0)

It should be fine. If you want, you can take extra precaution and redirect only within your website, and if it's anywhere else (or the referrer doesn't exist in the first place) redirect to a predefined location.

Ahkamden




msg:4127812
 10:15 pm on May 5, 2010 (gmt 0)

thanks eelix, can you possibly point me in the general direction of how it checks the url to do that?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved