Bugtraq mailing list archives
Re: Netscape Referer header considered harmful?
From: ericm () LNE COM (Eric Murray)
Date: Wed, 6 Aug 1997 12:47:49 -0700
Ronald L. Parker writes:

I found something I consider mildly disturbing while browsing my referer log stats today. Viewers to our site today have been referred from the following URLs:

file:///Hard%20Disk/System%20Folder/Preferences/Netscape%20%C4/Bookmar s.html
file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM
file:///molly's%20bookmarks/molly's%20bookmarks

As you can see, this is a cross-platform problem. What I don't know is whether these were sent by people just picking the bookmark from the dropdown or by people using their bookmarks file as a home page. Not having Communicator myself, and not planning to get it any time soon, I can't test this.

In any case, file: URLs should be private.

[why leaking Referrer is bad]

Check out my 'cookie jar' program. It blocks cookies, ads and Referrer (and it'll lie about User-Agent if you wish).

http://www.lne.com/ericm/cookie_jar/

--
Eric Murray  Chief Security Scientist  N*Able Technologies  www.nabletech.com
(email: ericm at lne.com or nabletech.com)  PGP keyid:E03F65E5
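
An added example, not part of the original post and not the cookie_jar program: a server-side check that finds Referer values naming local files, like the ones quoted above, and scrubs them before logs or stats are shared. It assumes Combined Log Format; the function names are hypothetical and the log lines are constructed, reusing two Referer values from the post.

```python
import re
from urllib.parse import unquote

# Assumed Combined Log Format tail: "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'"[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"\s*$')
# Local-file forms: file:///path, file:C:\path, or a bare drive-letter path
LOCAL_RE = re.compile(r'^(file:|[A-Za-z]:[\\/])', re.IGNORECASE)


def local_referer(line):
    """Return the percent-decoded Referer if it names a local file, else None."""
    m = LOG_RE.search(line)
    if m and LOCAL_RE.match(m.group("referer")):
        return unquote(m.group("referer"))
    return None


def scrub(line, placeholder="-"):
    """Replace a local-file Referer with a placeholder; other lines pass through."""
    m = LOG_RE.search(line)
    if m and LOCAL_RE.match(m.group("referer")):
        start, end = m.span("referer")
        return line[:start] + placeholder + line[end:]
    return line


# Constructed sample log lines (addresses, timestamps and user agents are made up)
SAMPLE = r'''
192.0.2.10 - - [04/Aug/1997:10:01:02 -0700] "GET / HTTP/1.0" 200 2048 "file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM" "Mozilla/4.01 [en] (Win95; I)"
192.0.2.11 - - [04/Aug/1997:10:05:40 -0700] "GET / HTTP/1.0" 200 2048 "file:///molly's%20bookmarks/molly's%20bookmarks" "Mozilla/4.01 (Macintosh; I; PPC)"
192.0.2.12 - - [04/Aug/1997:10:09:13 -0700] "GET /a.html HTTP/1.0" 200 512 "http://www.example.com/links.html" "Mozilla/3.01 (X11; I; Linux)"
'''.strip().splitlines()

if __name__ == "__main__":
    for entry in SAMPLE:
        leaked = local_referer(entry)
        if leaked:
            print("local path in Referer:", leaked)
        print(scrub(entry))
```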