Vulnerability Development mailing list archives
Re: The Hazard of using 'printer friendly' functions on commercial sites
From: Tim Morgan <tmorgan-security () kavi com>
Date: Mon, 29 Apr 2002 17:10:55 -0700
A possible workaround is to check the referrer. If it is not empty (link sent by mail,...) or does not come from your web, just link to the normal page (with the ads ;-) )
This would work for some browsers, but if I were to use one that refused to send referrers, then I would never be able to use the printer-friendly version. In addition, if I felt like being tricky, I could always set up a proxy or something that tacked on a referrer to that site. (If i really wanted to go to the trouble for such a petty thing.) Mainly I just want to be sure people understand that referrer can't be relied upon for much. Certainly not for any security. This horse has probably been beat past death already though. For this application, since it doesn't really matter much, then it might be feasible. tim
Current thread:
- The Hazard of using 'printer friendly' functions on commercial sites Max Kennedy (Apr 29)
- RE: The Hazard of using 'printer friendly' functions on commercial sites Thierry De Leeuw (Apr 29)
- Re: The Hazard of using 'printer friendly' functions on commercial sites Tim Morgan (Apr 29)
- Re: The Hazard of using 'printer friendly' functions on commercial sites Simon Tamás (Apr 30)
- Re: The Hazard of using 'printer friendly' functions on commercial sites Tim Morgan (Apr 29)
- Re: The Hazard of using 'printer friendly' functions on commercial sites xm (Apr 29)
- RE: The Hazard of using 'printer friendly' functions on commercial sites Thierry De Leeuw (Apr 29)