Philip Ronan wrote:
On 03.7.28 11:25 AM, Hugo Sousa wrote:
Hello,
I have a page that cannot be accessed by typing its URL. It should only be
accessed by a link in another web page. The following script works fine:
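<script>
<!--
// Pages that are allowed to link to this one
var validreferrals = new Array()
validreferrals[0] = "http://pdc/test/index.htm"
validreferrals[1] = "http://pdc/test/index2.htm"
var passed = 0
// Substring match of document.referrer against each allowed page
for (var r = 0; r < validreferrals.length; r++) {
  if (document.referrer.indexOf(validreferrals[r]) != -1) {
    passed = 1
    break
  }
}
// No match: warn and send the visitor back
if (passed == 0) {
  alert("Access denied!")
  history.go(-1)
}
//-->
</script>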
My problem is that on one of the pages (index2.htm), I use
window.location="http://pdc/test/index3.htm" (this is the protected page) to
access it, and it looks like the referrer is empty in this way. Is there any
way to solve my problem?
You're wasting your time. Anyone can look at your pages just by turning
Javascript off in their browser.
If you want to restrict pages to particular referrers, then you have to use
server-side scripting.
Phil
While it's true that he could use server-side technology to restrict his page to
particular referers, it's also a waste of time. HTTP_REFERER can be easily
forged/spoofed/altered by non-browser applications. What referer he is allowing to
visit the page would be hidden of course, but depending on the design of the site,
it might be easy enough to figure out what pages/referers he's allowing to visit
the restricted page.
--
| Grant Wagner <gw*****@agricoreunited.com>
* Client-side Javascript and Netscape 4 DOM Reference available at:
* http://devedge.netscape.com/library/...ce/frames.html
* Internet Explorer DOM Reference available at:
* http://msdn.microsoft.com/workshop/a...ence_entry.asp
* Netscape 6/7 DOM Reference available at:
* http://www.mozilla.org/docs/dom/domref/
* Tips for upgrading JavaScript for Netscape 6/7 and Mozilla
* http://www.mozilla.org/docs/web-deve...upgrade_2.html
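
An added example, not part of any post in this thread: a server-side version of the referrer check, showing the two failure modes the posts describe (a legitimate navigation with no Referer header is denied, and a client-supplied header is accepted as-is). decide(), normalise() and the sample requests are constructed for illustration; the allow-list reuses the URLs from the original question.

```javascript
// Added example (not from the thread). Exact-match Referer allow-list as a
// server would evaluate it. ALLOWED reuses the URLs from the original post;
// decide(), normalise() and the sample requests are constructed.
const ALLOWED = new Set([
  "http://pdc/test/index.htm",
  "http://pdc/test/index2.htm",
]);

// Normalise to origin + path so a query string cannot carry an allowed URL
// inside an unrelated one (the posted script's indexOf() test is a
// substring match and would accept that).
function normalise(referer) {
  try {
    const u = new URL(referer);
    return u.origin + u.pathname;
  } catch (e) {
    return null; // malformed header value
  }
}

// headers: object keyed by lower-cased header name.
function decide(headers) {
  const raw = headers["referer"];
  if (raw === undefined || raw === "") {
    return { allow: false, reason: "missing" };
  }
  const norm = normalise(raw);
  if (norm === null) return { allow: false, reason: "malformed" };
  if (!ALLOWED.has(norm)) return { allow: false, reason: "not-listed" };
  // The value comes from the client, so a match is a hint, not proof.
  return { allow: true, reason: "listed" };
}

// Constructed sample requests.
const samples = {
  linkClick: { referer: "http://pdc/test/index.htm" },
  noReferer: {}, // header absent, as in the question
  substring: { referer: "http://other.example/?u=http://pdc/test/index.htm" },
  nonBrowser: { "user-agent": "some-client/1.0",
                referer: "http://pdc/test/index2.htm" }, // header set by hand
};
for (const [name, h] of Object.entries(samples)) {
  console.log(name, JSON.stringify(decide(h)));
}
```

The "missing" result cannot be told apart from a visitor who typed the URL, and the "listed" result for nonBrowser shows the check treats any sender of the right header the same.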