Bugtraq mailing list archives

Re: The Dangers of Allowing Users to Post Images


From: "Jason Brooke" <jb () qgl org>
Date: Sun, 17 Jun 2001 12:01:26 +1000

The discussion is about preventing the user's machine being "attacked"
unknowingly. A user faking a referer themselves isn't going to be a problem,
as not only would they be authorizing the action, but they'd be going out of
their way to make sure it got through. Read up on the first post to see what
this discussion is actually about.

Popular software that strips out Referer headers is utilised by many users.
They're not faking the Referer, but they're certainly not sending it. So, again,
relying on that header for pretty much anything is not much of an idea.

jason



