html referrer spoofing

I would like to make a page that's only accessible from a certain website.
So I did this:

if (HttpContext.Current.Request.UrlReferrer.ToString().Trim().StartsWith("http://www.approveddomain.com"))
    method(); // access page
else
    accessdenied();

--------------

Did I do this right? I know there are programs out there that can spoof the HTTP
referrer. Would my code still work?

i.e. spoofed URL

http://www.hacker.com/@http://www.approveddomain.com

I need to make sure my code works 100% of the time.

Thanks

Aaron
Jul 21 '05 #1
Well, all it would take is for somebody to write to the headers, and your
security has been defeated. Do you have any control over this other site? If
so, then you can have that site set some variable somewhere that your target
site goes in and reads. For example, it could generate a new GUID, store
this in a database, and then add it to the querystring. The target site can
then read this GUID, compare it to the database, and then clear the
database. If you need to be absolutely guaranteed that the user hasn't
modified the headers somehow, then you have to store something on your end
that the user/attacker can not get to.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--

Jul 21 '05 #2
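
The one-time token handoff described in the reply above, as an added example that is not part of the original thread. The class name, the "t" query parameter, the two-minute lifetime and the in-memory dictionary (standing in for the shared database) are assumptions, and the GUID is swapped for 16 bytes from a CSPRNG because GUIDs are designed for uniqueness rather than unpredictability.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Added example. The dictionary stands in for the database both sites can reach.
public sealed class HandoffTokenStore
{
    private readonly ConcurrentDictionary<string, DateTime> _issued =
        new ConcurrentDictionary<string, DateTime>();
    private readonly TimeSpan _lifetime;

    public HandoffTokenStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Referring site: create a random token, record it, put it in the link.
    public string Issue()
    {
        byte[] raw = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(raw);
        string token = BitConverter.ToString(raw).Replace("-", "");
        _issued[token] = DateTime.UtcNow.Add(_lifetime);
        return token;
    }

    // Target site: a token is good once, and only if issued and not expired.
    public bool Redeem(string queryValue)
    {
        if (string.IsNullOrEmpty(queryValue)) return false;
        DateTime expires;
        // TryRemove is atomic: "compare, then clear" in one step, so two
        // concurrent requests cannot both redeem the same token.
        if (!_issued.TryRemove(queryValue, out expires)) return false;
        return DateTime.UtcNow <= expires;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new HandoffTokenStore(TimeSpan.FromMinutes(2));
        string token = store.Issue();
        // Constructed URL; "t" is a hypothetical query parameter name.
        Console.WriteLine("https://target.example/page.aspx?t=" + token);
        Console.WriteLine(store.Redeem(token));   // first use
        Console.WriteLine(store.Redeem(token));   // replay of the same link
        Console.WriteLine(store.Redeem("http://www.approveddomain.com")); // forged value
    }
}
```

The access decision depends only on state held server-side, so nothing the client writes into its request headers affects it.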
