WebApp Sec mailing list archives
Re: Re: HTTP REFERER not set in Internet Explorer
From: mike () sharecube com
Date: 18 Nov 2005 17:59:57 -0000
Hi Saqib,

If you want to track repeat customers, use cookies. If you want to track referers, use unique URLs that contain a code that maps to referers in your database.

One twist to cookies that I use is to store a public key of the user. The key is used to encode their password and send a digest. In this way, passwords are never sent (even over an SSL connection). I also never store passwords (only digests). If no cookie is available, I record the fact and encode the password using a general public key. I can then challenge the user.

Anyone with a bit of smarts can encrypt a password (just as they could randomly guess at a password), but they cannot steal passwords from the server (none there), or sniff using SSL sniff tools.

Mike