trying to crack my own system

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

trukfixer
Forum Contributor
Posts: 174
Joined: Fri May 21, 2004 3:14 pm
Location: Miami, Florida, USA

Post by trukfixer »

RaH wrote: Why not just use referrals? You could test for spoofing by inserting a session id into the referral url, and then test for validity of sess id. If you are serving up a few megs of photos to a few hundred users, the impact of that loop could DoS you.

http_referer is useless - it is easily spoofed, and not all browsers or clients even *SEND* the referer. I never use it for any kind of checking or security *at all*.
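
An added example, not part of the original post or the thread's code: it contrasts a Referer-based check with a check against a value derived from server-side session state, for the two cases the post names (header absent, header set by the client). The function names, the host `example.com`, the file names and the HMAC token scheme are assumptions chosen for illustration; the per-session secret would normally live in `$_SESSION`.

```php
<?php
// Added illustration; all names and sample values here are hypothetical.

// Referer-based check: the header is optional and entirely client-controlled.
function refererAllows(array $server, string $ownHost): bool
{
    $ref = $server['HTTP_REFERER'] ?? '';
    return parse_url($ref, PHP_URL_HOST) === $ownHost;
}

// Token derived from a secret that never leaves the server (assumed scheme),
// bound to the one file it was issued for.
function issueToken(string $sessionSecret, string $file): string
{
    return hash_hmac('sha256', $file, $sessionSecret);
}

// Constant-time comparison of the presented token against the expected one.
function tokenAllows(string $sessionSecret, string $file, string $token): bool
{
    return hash_equals(issueToken($sessionSecret, $file), $token);
}

// Constructed sample data.
$secret = bin2hex(random_bytes(32));          // stand-in for a value kept in $_SESSION
$issued = issueToken($secret, 'photo42.jpg'); // handed to the logged-in user's page

$cases = [
    'referer check, logged-in client that sends no Referer'
        => refererAllows([], 'example.com'),
    'referer check, client that typed in its own Referer value'
        => refererAllows(['HTTP_REFERER' => 'http://example.com/gallery.php'], 'example.com'),
    'token check, token issued for this session and file'
        => tokenAllows($secret, 'photo42.jpg', $issued),
    'token check, same token presented for a different file'
        => tokenAllows($secret, 'photo43.jpg', $issued),
    'token check, made-up token'
        => tokenAllows($secret, 'photo42.jpg', str_repeat('0', 64)),
];

foreach ($cases as $label => $allowed) {
    printf("%-60s %s\n", $label, $allowed ? 'allowed' : 'denied');
}
```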