You are reading a single comment by @Velocio and its replies.
  • No. I think I made that clear in my post.

    If you falsify headers in order to access a file, does that constitute unauthorised use of a computer network? Dunno, ask a lawyer. I haven't studied the relevant laws in enough detail to have a worthwhile opinion on that question, but falsifying headers doesn't seem very different from using a password not issued to you by the owner of the service.

    But that's my point right there... referrer headers aren't good enough to be trusted. They don't even need to be falsified, because if the site that had the link is on SSL then the header won't even be sent.

    It's not an authentication mechanism, and you shouldn't use it to derive authorisation.
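
An added example, not part of the comment above or of any site's own code: a Referer-based gate beside a server-issued HMAC token check. It shows the header check refusing a visitor whose browser sent no Referer while accepting any request that carries the expected value, whereas the token is bound to a path, a user and an expiry. The secret, site URL, paths and user names are constructed for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"        # assumption: server-side secret, never sent to clients
TRUSTED_SITE = "http://forum.example/"  # assumption: the page that is allowed to link to the file


def referer_gate(headers):
    """Weak check: allow the download if the Referer header names the trusted site."""
    return headers.get("Referer", "").startswith(TRUSTED_SITE)


def sign(path, user, expires):
    """Issue a token bound to one path, one authenticated user and an expiry time."""
    msg = f"{path}|{user}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def token_gate(path, user, expires, token, now=None):
    """Derive authorisation from a server-issued token, not a client-supplied header."""
    now = time.time() if now is None else now
    if now > expires:
        return False
    # Constant-time comparison of the expected and presented tokens.
    return hmac.compare_digest(sign(path, user, expires), token)


def demo():
    """Run both gates over constructed requests and return the decisions."""
    no_header = {}                                               # browser sent no Referer
    client_set = {"Referer": "http://forum.example/thread/1"}    # value chosen by the client
    token = sign("/files/a.zip", "alice", 1000)
    return {
        "referer_legit_no_header": referer_gate(no_header),
        "referer_client_supplied": referer_gate(client_set),
        "token_valid": token_gate("/files/a.zip", "alice", 1000, token, now=900),
        "token_expired": token_gate("/files/a.zip", "alice", 1000, token, now=1100),
        "token_other_user": token_gate("/files/a.zip", "bob", 1000, token, now=900),
        "token_other_path": token_gate("/files/b.zip", "alice", 1000, token, now=900),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```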
