POST method and HTTP-REFER

Discussion in 'ASP .Net Security' started by Jay Janarthanan, Oct 5, 2003.

  1. We have a application which allows other authorized sites to send users to
    our site...when the user is sent to us, user info is sent to us as a hidden
    Form variable and we use the HTTP-REFER variable to make sure the user is
    coming from an approved site. Now I understand the user of HTTP-REFER is not
    a good idea, is there any other ways to validate where a user is coming
    from.

    Jay
    Jay Janarthanan, Oct 5, 2003
    #1
    1. Advertising

  2. Thanks...but we need to know where the user came from. HTTP_REFER is good,
    but some time older browsers don't support it. We found the support around
    96%., but for me the biggest worry is the security and since HTTP_REFER is
    at Layer7, it can be spoofed a lot easily.

    Jay



    "Fredrik Normén www.NSQUARED2.net" <> wrote in message
    news:0e5d01c38b16$6fda8880$...
    You can use the REMOTE_ADDR server variable to get the
    users IP adress and use it instead of HTTP_REFER.
    But the only way to get the page a user came from is with
    the HTTP_REFER..

    /Fredrik Normén NSQUARED2
    http://www.nsquared2.net


    >-----Original Message-----
    >We have a application which allows other authorized sites

    to send users to
    >our site...when the user is sent to us, user info is sent

    to us as a hidden
    >Form variable and we use the HTTP-REFER variable to make

    sure the user is
    >coming from an approved site. Now I understand the user

    of HTTP-REFER is not
    >a good idea, is there any other ways to validate where a

    user is coming
    >from.
    >
    >Jay
    >
    >
    >.
    >
    Jay Janarthanan, Oct 5, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    6
    Views:
    4,765
    Tor Iver Wilhelmsen
    Aug 29, 2005
  2. James
    Replies:
    3
    Views:
    16,206
    Roedy Green
    Nov 25, 2005
  3. ColinK
    Replies:
    0
    Views:
    511
    ColinK
    Jul 15, 2007
  4. Don Glover the younger

    ASP, FORMS, POST METHOD And Post with out form(???)

    Don Glover the younger, Jul 13, 2003, in forum: ASP General
    Replies:
    0
    Views:
    429
    Don Glover the younger
    Jul 13, 2003
  5. n3d!m

    Http post and http get

    n3d!m, Jan 25, 2012, in forum: Python
    Replies:
    2
    Views:
    325
    n3d!m
    Feb 6, 2012
Loading...

Share This Page