Re: never-ending Referer arguments (The Dangers of Allowing Users to Post Images)

From: Peter W (peterwat_private)
Date: Tue Jun 19 2001 - 09:47:12 PDT


On Tue, Jun 19, 2001 at 03:44:10PM +0200, Henrik Nordstrom wrote:
> peterwat_private wrote:
> 
> > Folks are missing the point on the Referer check that I suggested.
> 
> I intentionally selected not to go down that path in my message as there
> are quite a few pitfalls with Referer, and it can easily be
> misunderstood, allowing the application designer to falsely think they have
> done a secure design using Referer.

Henrik,

You also revealed your lack of understanding of the Referer check logic when
you wrote "It is well known that Referer can be forged, and to further add
to this some browsers preserve Referer when following redirects, allowing
this kind of attack to bypass any Referer check if your users follow URLs
(direct or indirect via images) posted by other users or even your own staff
when linking to external sites." Neither forging Referers nor preserving
Referers across redirects threatens the model I suggested.

> Also, as shown earlier in the thread, using Referer may render the
> service less useful for some people. There are people who filter out
> Referer from their HTTP traffic because there are too many bugs in
> user-agents showing Referer to things it should not expose externally.

I mentioned that myself, as you may recall.

As for recommending one-time tickets, we agree there.

All this chatter about Referer checks amounts to two things:
 - some folks not understanding the model
 - folks legitimately disagreeing on the number of users who might be
   locked out by a Referer check.

-Peter
Web applications designer and Squid user :-)
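Added example (not code from Peter, Henrik, or anyone else in the thread, and not the specific model Peter refers to): a state-changing form handler that applies both controls the post mentions, a Referer check that requires the Referer to name the form page itself (scheme, host and path, not merely the site), and a one-time ticket that is consumed on first use. The form URL `https://forum.example/post/confirm`, the `TicketStore`/`authorize` names and every sample request are assumptions constructed for this example. The constructed cases show why the two disagreements Peter lists exist: a request from another site or from a thread page carrying a posted `<img>` fails the Referer check, a replayed or guessed ticket fails the ticket check even when the Referer is forged to look right, and a user whose proxy strips Referer is locked out despite holding a valid ticket.

```python
"""Referer check plus one-time ticket for a state-changing form.

Illustrative code, not the scheme discussed on the list. The form URL,
header names and sample requests below are constructed for the example.
"""
import secrets
from urllib.parse import urlsplit

# Assumed: the only page that legitimately submits to the action handler.
FORM_URL = "https://forum.example/post/confirm"


class TicketStore:
    """Holds one-time tickets; a ticket is valid for exactly one redemption."""

    def __init__(self):
        self._live = set()

    def issue(self):
        ticket = secrets.token_hex(16)
        self._live.add(ticket)
        return ticket

    def redeem(self, ticket):
        # Discarding on first use is what defeats replays.
        if ticket in self._live:
            self._live.discard(ticket)
            return True
        return False


def referer_ok(headers, form_url=FORM_URL):
    """True only if Referer names the form page itself (scheme, host, path).

    A missing Referer fails closed: users behind a Referer-stripping
    proxy are locked out, which is the usability cost debated in the thread.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    referer = lowered.get("referer")
    if not referer:
        return False
    r, f = urlsplit(referer), urlsplit(form_url)
    return (r.scheme, r.netloc, r.path) == (f.scheme, f.netloc, f.path)


def authorize(headers, form, store):
    """Return (accepted, reason) for one submission to the action handler."""
    if not referer_ok(headers):
        return False, "referer"
    if not store.redeem(form.get("ticket", "")):
        return False, "ticket"
    return True, "ok"


def demo():
    """Run constructed requests through both checks; returns name -> outcome."""
    store = TicketStore()
    good = {"Referer": FORM_URL}
    outcomes = {}

    t = store.issue()
    outcomes["legit"] = authorize(good, {"ticket": t}, store)
    # Same request again: Referer is fine, but the ticket was already used.
    outcomes["replay"] = authorize(good, {"ticket": t}, store)
    # Forged Referer (non-browser client) with a guessed ticket.
    outcomes["forged_referer"] = authorize(good, {"ticket": "0" * 32}, store)
    # Request fired from another site.
    outcomes["external_referer"] = authorize(
        {"Referer": "https://evil.example/page"}, {"ticket": store.issue()}, store)
    # Request fired by an <img src=...> posted in a thread on the same site:
    # the Referer is the thread page, not the form page, so it is rejected.
    outcomes["same_site_other_page"] = authorize(
        {"Referer": "https://forum.example/thread/42"}, {"ticket": store.issue()}, store)
    # Referer stripped by a privacy proxy: valid ticket, still rejected.
    outcomes["stripped_referer"] = authorize({}, {"ticket": store.issue()}, store)
    return outcomes


if __name__ == "__main__":
    for name, (accepted, reason) in demo().items():
        print(f"{name:22s} accepted={accepted} reason={reason}")
```

Running the block prints one line per constructed case. Whether the `stripped_referer` outcome is acceptable is exactly the question of how many users sit behind Referer-stripping proxies; dropping the Referer check and keeping only the ticket removes that lockout at the cost of the second layer.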
    

This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 14:07:55 PDT