From: SourceForge.net <no...@so...> - 2004-07-14 10:28:14
Feature Requests item #614000, was opened at 2002-09-24 19:24
Message generated for change (Comment added) made by gellyfish
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=425772&aid=614000&group_id=39625

Category: None
Group: None
>Status: Closed
Priority: 5
Submitted By: Lochmatter Thomas (lochmatter)
Assigned to: Nobody/Anonymous (nobody)
Summary: Better referer check in formmail

Initial Comment:
For a "secure" referer check, the formmail script should download the original html file with the form and compare some of the submitted information, namely the receiver email address. As it is widely known, the referer can be easily changed by a hacker and a simple referer check only makes it a bit more difficult to misuse the formmail script, but still possible.

Could you implement this check in your script?

- Thomas Lochmatter

----------------------------------------------------------------------

>Comment By: Jonathan Stowe (gellyfish)
Date: 2004-07-14 10:28

Message:
Logged In: YES
user_id=313586

We don't believe the referer check is a particularly strong security measure in the first place and its usefulness is being eroded by the use of personal firewalls that commonly block the Referer information.

----------------------------------------------------------------------
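An added example, not part of the original thread or of the formmail script: it runs the plain Referer check and the check requested in the initial comment over three constructed submissions. The host names, the form page (embedded here instead of downloaded) and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"www.example.org"}               # assumed site configuration
FORM_URL = "http://www.example.org/contact.html"  # constructed form address
# Constructed copy of the form page; the requested check would download it.
FORM_PAGES = {FORM_URL: (
    '<form action="/cgi-bin/formmail" method="post">'
    '<input type="hidden" name="recipient" value="info@example.org">'
    '<textarea name="message"></textarea></form>')}

class RecipientFinder(HTMLParser):
    """Collect the value of every <input name="recipient"> in a page."""
    def __init__(self):
        super().__init__()
        self.recipients = set()

    def handle_starttag(self, tag, attrs):
        fields = dict(attrs)
        if tag == "input" and fields.get("name") == "recipient":
            self.recipients.add((fields.get("value") or "").strip().lower())

def referer_check(headers):
    """Plain check: the Referer header must name an allowed host."""
    return urlsplit(headers.get("Referer", "")).hostname in ALLOWED_HOSTS

def recipient_check(headers, form):
    """Requested check: the submitted recipient must be in the referring page."""
    if not referer_check(headers):  # also keeps the page lookup on our own hosts
        return False
    page = FORM_PAGES.get(headers["Referer"])
    if page is None:
        return False
    finder = RecipientFinder()
    finder.feed(page)
    submitted = form.get("recipient", "").strip().lower()
    return bool(submitted) and submitted in finder.recipients

# Constructed submissions: (description, request headers, form fields).
SAMPLES = [
    ("browser on the form page",
     {"Referer": FORM_URL}, {"recipient": "info@example.org"}),
    ("same form, Referer blocked by a personal firewall",
     {}, {"recipient": "info@example.org"}),
    ("client that sets the Referer itself, different recipient",
     {"Referer": FORM_URL}, {"recipient": "other@example.net"}),
]

def evaluate():
    """Return (description, referer_check, recipient_check) per sample."""
    return [(d, referer_check(h), recipient_check(h, f)) for d, h, f in SAMPLES]
```

The third sample passes the plain check and fails only the recipient comparison, while the second is rejected by both because both depend on a header the client may never send.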