This is a discussion on Securing PHP Code that Creates Images within the PHP Language forums, part of the PHP Programming Forums category.
.oO(Fox)
>Make sure the $HTTP_REFERER is from an "allowed" domain...

* It should be $_SERVER['HTTP_REFERER'].
* The referrer is unreliable. It's not always available and additionally easy to fake. Relying on it for security issues is _really_ stupid.

Micha

.oO(Fox)
>Chris Hope wrote:
>
>> However, you also need to allow the images to be seen if the
>> $_SERVER['HTTP_REFERER'] is not set;
>
>Think about this for a second... no referer, no see...

Pretty rude.

>it's *my*
>bandwidth. I don't need anyone hijacking the scripts for their own purposes.

Then you have to think about another solution; using the referrer is none.

Micha
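The Referer check debated in this thread, written out as an added example (it is not code from any of the posters) so that both failure modes can be seen side by side. `ALLOWED_HOSTS`, `refererAllowed()`, the `$allowMissing` switch and the `example.com` / `other.test` hosts are assumptions made for the illustration.

```php
<?php
// Hypothetical allow-list; the thread does not name the real domain.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];

/**
 * Returns true when the Referer header names an allowed host.
 * $server stands in for $_SERVER so the cases below run from the CLI.
 * $allowMissing = false is the "no referer, no see" policy;
 * $allowMissing = true is the "also serve when it is not set" policy.
 */
function refererAllowed(array $server, bool $allowMissing = false): bool
{
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        // Header absent: removed by a proxy or privacy setting,
        // or the image URL was opened directly.
        return $allowMissing;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    // Exact match on the parsed host; a substring test would also
    // accept a host such as "example.com.other.test".
    return is_string($host) && in_array(strtolower($host), ALLOWED_HOSTS, true);
}

// Constructed requests, not captured traffic.
$cases = [
    'own page, header sent'       => ['HTTP_REFERER' => 'https://www.example.com/gallery.php'],
    'own page, header stripped'   => [],
    'other site, header sent'     => ['HTTP_REFERER' => 'https://other.test/page.html'],
    'client-chosen header value'  => ['HTTP_REFERER' => 'https://www.example.com/'],
];

foreach ($cases as $label => $server) {
    printf(
        "%-28s strict=%-5s lenient=%s\n",
        $label,
        var_export(refererAllowed($server), true),
        var_export(refererAllowed($server, true), true)
    );
}
```

The strict policy turns away the legitimate visitor whose header was stripped, while the lenient policy serves every request that omits the header. In both, the last case passes because the value is whatever the client chooses to send.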