[thelist] Question about requiring a specific referring URL

Matt Warden mwarden at gmail.com
Thu Mar 3 12:53:49 CST 2005


Jen,

On Thu, 3 Mar 2005 13:41:49 -0500 (EST), Jen Langley <jen at jenlangley.com> wrote:
> It worked, but then if anyone tried to do anything within the File Manager
> (upload a file, etc), they couldn't because they weren't coming *from* the
> original referring page anymore.
> 
> Am I missing something really easy?

I don't think your approach will work. Firstly, because all I have to
do is turn off Javascript. Secondly, the referrer is sent by the
browser, so I could even leave JS on and just send you whatever I want
as the referrer.

If you are restricting this page to your intranet, you should be able
to restrict access by the user's IP address. Failing that, you could
simply password-protect the page, using any number of methods.


-- 
Matt Warden
Miami University
Oxford, OH, USA
http://mattwarden.com


This email proudly and graciously contributes to entropy.


More information about the thelist mailing list