HTTP_REFERER
This is a discussion on HTTP_REFERER within the Linux Web Servers forums, part of the Web Server and Related Forums category; Hi I am not sure if this is right group for this question but it involves knowledge of http protocol ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-25-2005
|
|||
|
|||
HTTP_REFERER
Hi
I am not sure if this is right group for this question but it involves knowledge of http protocol etc. I am are working on some kind of flash game. I want to bu sure that user play game from my domain before save scores to file. I can check HTTP_REFERER within a php function but I heard that user can fake HTTP_REFERER So my question is Can user fake HTTP_REFERER under SSL or Can I ensure that file is run under my domain. |
|
11-25-2005
|
|||
|
|||
|
Re: HTTP_REFERER
BastardX <bastardx@op.-rem-it-.pl> wrote:
> Can user fake HTTP_REFERER under SSL Yes. SSL guarantees you a secure data path between your server and the user's browser. It does not give you any ability to trust the user in and of itself. Even authentication only tells you (the server) that the user is probably who they claim to be. Chris |
|
11-25-2005
|
|||
|
|||
|
Re: HTTP_REFERER
> Yes. SSL guarantees you a secure data path between your server and the > user's browser. It does not give you any ability to trust the user in > and of itself. Even authentication only tells you (the server) that the > user is probably who they claim to be. > Thanks Chris Regards |
Linear Mode
