tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Filter by HTTP_REFERER
Date Wed, 02 Nov 2011 15:51:56 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pid,

On 11/2/11 4:24 AM, Pid * wrote:
> It'll still be fragile and open to exploitation. An AJAX call can 
> any request headers it likes. You be better off using
> authentication if you want anything more than a casual defence.

+1

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6xZxwACgkQ9CaO5/Lv0PBLdACglkeADazNPVUA1D6KZevNF/nk
mlAAnicfRb5cuwFytNgeGHvvE5Bz+FYY
=xpk6
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message