mailing list archives
Re: never-ending Referer arguments (The Dangers of Allowing Users to Post Images)
From: Peter W <peterw () usa net>
Date: Tue, 19 Jun 2001 12:47:12 -0400
On Tue, Jun 19, 2001 at 03:44:10PM +0200, Henrik Nordstrom wrote:
peterw () usa net wrote:
Folks are missing the point on the Referer check that I suggested.
I intentionally selected to not go down that path in my message as there
are quite a bit of pitfalls with Referer, and it can easily be
misunderstood allowing the application designer falsely think they have
done a secure design using Referer.
You also revealed your lack of understanding the Referer check logic when
you wrote "It is well known that Referer can be forged, and to further add
to this some browsers preserve Referer when following redirects, allowing
this kind of attacks to bypass any Referer check if your users follows URL's
(direct or indirect via images) posted by other users or even your own staff
when linking to external sites." Neither forging Referers nor preserving
Referers across redirects threatens the model I suggested.
Also, as shown earlier in the thread, using Referer may render the
service less useful for some people. There are people who filter out
Referer from their HTTP traffic becuase there is too many bugs in
user-agents showing Referer to things it should not expose externally.
I mentioned that myself, as you may recall.
As for recommending one-time tickets, we agree there.
All this chatter about Referer checks amounts to two things:
- some folks not understanding the model
- folks legitiately disagreeing on the number of user who might be
locked out by a Referer check.
Web applications designer and Squid user :-)
RE: The Dangers of Allowing Users to Post Images Richard M. Smith (Jun 15)