[dev] Fwd: [Bug 1246] New - session hijacking using referer URL

Jan Schneider jan at horde.org
Wed May 14 08:46:29 PDT 2003


Quoting Chuck Hagenbuch <chuck at horde.org>:

> Quoting Mike Cochrane <mike at graftonhall.co.nz>:
>
> > This has been discussed a number of times that I remember, may have been in
> > #horde and not the list. But a 'de-referer' would definitely be useful for
> > external links.
>
> Okay - I don't see strong reasons not to go that way. What about protecting
> the dereferrer from abuse? Or is that not a concern (use from outside
> Horde)?

I don't think that would be a problem, and I can't see how to let the
dereferer know that the user comes from Horde without tacking on another
piece of hijackable information.

Jan.

--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Your private betting pool

