>>>>> "Henri" == Henri Torgemane <metal_hurlantat_private> writes:

Henri> But if it is done right (i.e.: you're explicitly specifying
Henri> which files don't need a REFERRER check, rather than trying
Henri> to keep a list of every script that needs it), I believe it
Henri> can provide instant CSS protection without having to audit
Henri> all these server scripts right away.

While we are at it, let's not forget that Referer is a privacy breach on its own. And those who use junkbuster never send referer headers. So be careful when recommending referer as a remedy, it might hit security-conscious types.

Bye
Greg

P.S. Yeah, one can configure junkbuster to send the referer header to certain sites, but it's a hassle.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:34:00 PDT