http_referer is useless - it is easily spoofed, and not all browsers or clients even *SEND* the referer. I never use it for any kind of checking or security *at all*.

RaH wrote: Why not just use referrals? You could test for spoofing by inserting a session id into the referral url, and then test for validity of sess id. If you are serving up a few megs of photos to a few hundred users, the impact of that loop could DoS you.
trying to crack my own system
- trukfixer
- Forum Contributor
- Posts: 174
- Joined: Fri May 21, 2004 3:14 pm
- Location: Miami, Florida, USA