Can http_referer be spoofed

Discussion in 'ASP .Net Security' started by Buddy Ackerman, Mar 2, 2004.

  1. Is there a way to spoof the referer? One security measure that I want to
    implement is checking to make sure that a request came from a page on my
    site. In the same vein is it also possible to spoof the remote_host server
    variable? Would using an encrypted cookie be the best way to secure data
    being passed back and forth between the client and the server?
     
    Buddy Ackerman, Mar 2, 2004
    #1
    1. Advertising

  2. Buddy Ackerman

    Mr Carter Guest

    Rule #1 Never trust anything you get from the user. All data is considered
    harmful until it is validated.

    ie Yes anyone can modify the header and post it back to you.

    Encrypted cookie does not protect the data thats what SSL is for.

    Hope that helps!

    "Buddy Ackerman" <> wrote in message
    news:%...
    > Is there a way to spoof the referer? One security measure that I want to
    > implement is checking to make sure that a request came from a page on my
    > site. In the same vein is it also possible to spoof the remote_host

    server
    > variable? Would using an encrypted cookie be the best way to secure data
    > being passed back and forth between the client and the server?
    >
    >
     
    Mr Carter, Mar 3, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Elliot M. Rodriguez
    Replies:
    1
    Views:
    647
    bruce barker
    Feb 12, 2004
  2. SStory

    HTTP_REFERER blank

    SStory, Feb 27, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    2,398
    Eric Lawrence [MSFT]
    Feb 28, 2004
  3. billie

    Build spoofed IP packets

    billie, Oct 4, 2005, in forum: Python
    Replies:
    4
    Views:
    525
    billie
    Oct 6, 2005
  4. alex p
    Replies:
    2
    Views:
    170
    alex p
    Jan 9, 2005
  5. monkeybug07

    Can I set http_referer?

    monkeybug07, Jun 27, 2003, in forum: Javascript
    Replies:
    0
    Views:
    132
    monkeybug07
    Jun 27, 2003
Loading...

Share This Page