Eric Butera wrote:
> > The fact it can be tampered with should be enough to ignore it, right?
>

Well, no. _anything_ can be tampered with given the right amount of resources. For instance, exactly _when_ an otherwise unbreakable encryption is broken is _only_ a matter of money.

How far you go in securing content (or whatever) is purely a matter of how far someone will go in an attempt to overcome your security.

To get back on topic, if you're insanely paranoid about people getting access to your content by direct remote links, of course you can't rely on REFERER and you'll have to use a more complex scheme.

Otherwise, when you do rely on REFERER, 1) you will be shutting out other insanely paranoid people who do not provide a REFERER and 2) you leave your content available to individuals who forge the REFERER.

Personally I think 1) is good and 2) is acceptable.

/Per Jessen, Zürich

--
PHP General Mailing List (http://www.php.net/)
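
An added example, not part of the original post: a Referer check showing outcomes 1) and 2) from the message above, next to one possible "more complex scheme", an expiring HMAC-signed link. The host name, secret, paths and function names are assumptions made for illustration.

```php
<?php
// Added example: host name, secret and function names are assumptions.
const SITE_HOST = 'www.example.com';
const SECRET    = 'replace-with-random-server-side-key';

// Referer check: serve only when the Referer host is our own site.
function refererAllows(array $server): bool
{
    if (empty($server['HTTP_REFERER'])) {
        return false; // 1) visitors who send no Referer are shut out
    }
    $host = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
    // 2) the header is client-supplied, so any value naming our host passes
    return is_string($host) && strcasecmp($host, SITE_HOST) === 0;
}

// A possible stricter scheme: an expiring link signed with a server-side key.
function signLink(string $path, int $expires): string
{
    $sig = hash_hmac('sha256', "$path\n$expires", SECRET);
    return "$path?e=$expires&s=$sig";
}

function linkAllows(string $url, int $now): bool
{
    $path = (string) parse_url($url, PHP_URL_PATH);
    parse_str((string) parse_url($url, PHP_URL_QUERY), $q);
    $expires = (int) ($q['e'] ?? 0);
    $sig = $q['s'] ?? '';
    if (!is_string($sig) || $now > $expires) {
        return false;
    }
    // hash_equals compares in constant time
    return hash_equals(hash_hmac('sha256', "$path\n$expires", SECRET), $sig);
}

// Constructed sample requests and links.
$now  = 1700000000;
$link = signLink('/img/photo.jpg', $now + 300);
$checks = [
    'Referer from own page'     => refererAllows(['HTTP_REFERER' => 'http://www.example.com/gallery.php']),
    'Referer from another site' => refererAllows(['HTTP_REFERER' => 'http://other.example.net/']),
    'no Referer header'         => refererAllows([]),
    'signed link, in time'      => linkAllows($link, $now),
    'signed link, path changed' => linkAllows(str_replace('photo', 'other', $link), $now),
    'signed link, expired'      => linkAllows($link, $now + 301),
];
foreach ($checks as $label => $allowed) {
    printf("%-27s %s\n", $label, $allowed ? 'allow' : 'deny');
}
```

The server cannot tell the first case apart from a request whose Referer was set by the client to the same value, which is why the signed link is bound to the path and expiry time rather than to a request header.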