Can http_referer be spoofed

Buddy Ackerman

Is there a way to spoof the referer? One security measure that I want to
implement is checking to make sure that a request came from a page on my
site. In the same vein, is it also possible to spoof the remote_host server
variable? Would using an encrypted cookie be the best way to secure data
being passed back and forth between the client and the server?
 
Mr Carter

Rule #1: Never trust anything you get from the user. All data is considered
harmful until it is validated.

I.e., yes, anyone can modify the header and post it back to you.

An encrypted cookie does not protect the data; that's what SSL is for.

Hope that helps!
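
An added example, not part of either post above: a server-side comparison of the Referer check from the question with a check the client cannot satisfy by editing a header, here an HMAC token the server embeds in its own form and binds to the session. The host name, session id, key handling and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "www.example.com"          # assumed site name
SERVER_KEY = secrets.token_bytes(32)   # stays on the server, never sent to the client


def referer_check(headers: dict) -> bool:
    """Weak check: the Referer header is whatever the client chose to send."""
    return urlsplit(headers.get("Referer", "")).hostname == SITE_HOST


def issue_form_token(session_id: str) -> str:
    """Token the server embeds in its own page, bound to the visitor's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id: str, submitted: str) -> bool:
    """Stronger check: recompute the HMAC and compare in constant time."""
    expected = issue_form_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_post(headers: dict, session_id: str, form: dict) -> dict:
    """Report what each check concludes about one incoming request."""
    return {
        "referer_ok": referer_check(headers),
        "token_ok": token_check(session_id, form.get("token", "")),
    }


# Constructed requests for illustration.
SESSION = "session-abc123"
genuine = handle_post(
    {"Referer": f"https://{SITE_HOST}/order.html"},
    SESSION,
    {"token": issue_form_token(SESSION)},
)
# Request from a client that never loaded the page: the header value is
# client-chosen, but the token cannot be computed without SERVER_KEY.
forged = handle_post(
    {"Referer": f"https://{SITE_HOST}/order.html"},
    SESSION,
    {"token": "0" * 64},
)

if __name__ == "__main__":
    print("genuine:", genuine)
    print("forged: ", forged)
```

The token only shows that the form was issued by the server to that session; the submitted field values are still user input and need validating on their own.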
 
