Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Netscape Referer header considered harmful?
From: ericm () LNE COM (Eric Murray)
Date: Wed, 6 Aug 1997 12:47:49 -0700


Ronald L. Parker writes:
I found something I consider mildly disturbing while browsing my
referer log stats today.  Viewers to our site today have been referred
from the following URLs:

file:///Hard%20Disk/System%20Folder/Preferences/Netscape%20%C4/Bookmar
s.html
file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM
file:///molly's%20bookmarks/molly's%20bookmarks

As you can see, this is a cross-platform problem.  What I don't know
is whether these were sent by people just picking the bookmark from
the dropdown or by people using their bookmarks file as a home page.
Not having Communicator myself, and not planning to get it any time
soon, I can't test this.  In any case, file: URLs should be private.

[why leaking Referrer is bad]


Check out my 'cookie jar' program.  It blocks cookies, ads
and Referrer (and it'll lie about User-Agent if you wish).

http://www.lne.com/ericm/cookie_jar/

--
Eric Murray  Chief Security Scientist  N*Able Technologies  www.nabletech.com
(email:  ericm  at  lne.com   or   nabletech.com)          PGP keyid:E03F65E5



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]