On Jan 31, 2008 2:49 PM, Per Jessen <per@xxxxxxxxxxxx> wrote: > Robert Cummings wrote: > > > Information leakage is a security issue. IMHO referer logging should > > need to be turned on, not off. > > Rob, I appreciate your opinion, but like I said - when Firefox (or MSIE) > switches off REFERER by default, we can talk again. > > It's been a long time, but I seem to recall there was a version of either Netscape or IE (pretty mainstream) around v4 that did not send it. I was setting up one of those wonderful little formmail scripts that used REFERER to determine whether you were allowed to submit to the form, and was bugged at why I kept getting messages saying I wasn't authorized when I know I came from an "authorized" page. Turns out, the value of REFERER was blank. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
