Re: [IPCop-devel] Weird problem with Opera...

[Richard L. <ce...@l-...>]

>> As posted earlier, IPCop uses the HTTP-REFERER
>> to make more sure that you're surfing from your own
>> internal box, and some hacker hasn't hijacked the
>> session.
>
>Just how secure is this? Faking the referer isn't difficult (or have I
>missed something?), and it is only an optional header and as we know not all
>browsers send it. One might argue that a security conscious user would turn
>off the referer in their browser.
>
>(I used to use the referer to check for bogus form submissions from a web
>form, and had to change tactic due to the number of failed submisisons
>resulting from the lack of referer header.)

There was a long thread on how this was actually useful on the SW list.

I understood it and it made sense at the time I read it, but I've forgotten
the details completely.

Certainly REFERER can be forged, and not all browsers consistently provide
them based on how you get from URL A to URL B, but in this one case, the
REFERER was a quick hack that made sense in the specific context of its
usage.

All by itself REFERER is useless -- In the context it was used, it helped
verify something useful.

You'd have to dig out the thread from somebody's Unofficial archive of SW
lists, since AFAIK there are no official archives (Grrrr.) of that content.

-- 
Like Music?  http://l-i-e.com/artists.htm
I'm looking for a PRO QUALITY two-input sound card supported by Linux (any
major distro).  Need to record live events (mixed already) to stereo
CD-quality.  Soundcard Recommendations?
Software to handle the recording? Don't need fancy mixer stuff.  Zero (0)
post-production time.  Just raw PCM/WAV/AIFF 16+ bit, 44.1KHz, Stereo
audio-to-disk.