Robert Cummings wrote:
> On Thu, 2008-01-31 at 15:10 -0500, Robert Cummings wrote:
>> On Thu, 2008-01-31 at 20:49 +0100, Per Jessen wrote:
>> > Robert Cummings wrote:
>> >
>> > > Information leakage is a security issue. IMHO referer logging
>> > > should need to be turned on, not off.
>> >
>> > Rob, I appreciate your opinion, but like I said - when Firefox (or
>> > MSIE) switches off REFERER by default, we can talk again.
>>
>> Lol, this is an open discussion. I post for all to read, not just
>> you.
>
> FWIW BTW, they will probably never switch it off for the same reason
> Windows isn't locked down properly by default. Too many dumb users
> would cry WTF and wouldn't understand the answer. As such the simplest
> solution is to leave users exposed rather than educating them.

I'm certain they'll never switch it off by default. Well, at least not
until we have a new HTTP spec that specifically deprecates REFERER. I
won't hold my breath :-)

/Per Jessen, Zürich

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php