
Validating user referring host

What is the best way to ensure that a user who is entering your application
can only come to it through a particular server. We were using a tomcat
filter to check the refer string, parsing out the hostname, but that does
not seem to be reliable.

Your suggestions and comments are appreciated.

-Mark


Jul 17 '05 #1
1 Reply


Mark F wrote:
> What is the best way to ensure that a user who is entering your
> application can only come to it through a particular server.

Please elaborate on this. I'm not quite sure I understand your question.

> We were using a tomcat
> filter to check the refer string, parsing out the hostname, but that does
> not seem to be reliable.

Indeed, that is not very reliable. Anybody can fake the referer header and
clients are not obligated to send it at all.

See section 10.34 of the HTTP/1.1 specification:
<http://www.w3.org/Protocols/HTTP/1.1/spec.html#Referer>

--
Jonas Kongslund
Jul 17 '05 #2
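
The point made in the reply above, shown as an added example (not code from either poster): the hostname check the question describes, run over constructed Referer values. `EXPECTED_HOST`, the class name and every sample value are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Map;

public class RefererCheckDemo {
    // Hypothetical name of the "particular server" users are expected to arrive from.
    static final String EXPECTED_HOST = "portal.example.com";

    enum Verdict { ALLOW, DENY_MISSING, DENY_MALFORMED, DENY_OTHER_HOST }

    // The check from the question: parse the hostname out of the Referer value
    // and compare it (exact match, not substring) with the expected host.
    static Verdict check(String referer) {
        if (referer == null || referer.isEmpty()) {
            return Verdict.DENY_MISSING;      // clients are not obliged to send the header
        }
        try {
            String host = new URI(referer).getHost();
            if (host == null) {
                return Verdict.DENY_MALFORMED;
            }
            return host.equalsIgnoreCase(EXPECTED_HOST)
                    ? Verdict.ALLOW : Verdict.DENY_OTHER_HOST;
        } catch (URISyntaxException e) {
            return Verdict.DENY_MALFORMED;
        }
    }

    public static void main(String[] args) {
        // Constructed samples: description -> Referer value (null = header absent).
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("browser, followed a link on the portal", "https://portal.example.com/launch");
        samples.put("same user, header stripped by proxy or privacy setting", null);
        samples.put("hand-built request that never touched the portal", "https://portal.example.com/launch");
        samples.put("link from an unrelated site", "https://other.example.net/page");
        samples.put("look-alike host name", "https://portal.example.com.other.example.net/");
        samples.put("value that is not a URL", "not a url");

        // The first and third samples are byte-for-byte the same header value:
        // nothing in the request lets the server tell them apart.
        for (Map.Entry<String, String> e : samples.entrySet()) {
            System.out.printf("%-56s -> %s%n", e.getKey(), check(e.getValue()));
        }
    }
}
```

The first and third samples receive the same verdict because the filter only ever sees a client-supplied string, while the second sample, a legitimate user whose header was stripped, is refused.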
