Re: Netscape Referer header considered harmful?

ericmLNE.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Crewdson, Andy: "Re: Netscape Referer header considered harmful?"
• Previous message: Eric Allman: "Re: sendmail -C: Known? Patches? (AIX 4.1.5)"
• In reply to: Ronald L. Parker: "Netscape Referer header considered harmful?"
• Next in thread: Crewdson, Andy: "Re: Netscape Referer header considered harmful?"

Ronald L. Parker writes:
> I found something I consider mildly disturbing while browsing my
> referer log stats today.  Viewers to our site today have been referred
> from the following URLs:
>
> file:///Hard%20Disk/System%20Folder/Preferences/Netscape%20%C4/Bookmar
> s.html
> file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM
> file:///molly's%20bookmarks/molly's%20bookmarks
>
> As you can see, this is a cross-platform problem.  What I don't know
> is whether these were sent by people just picking the bookmark from
> the dropdown or by people using their bookmarks file as a home page.
> Not having Communicator myself, and not planning to get it any time
> soon, I can't test this.  In any case, file: URLs should be private.

[why leaking Referrer is bad]


Check out my 'cookie jar' program.  It blocks cookies, ads
and Referrer (and it'll lie about User-Agent if you wish).

http://www.lne.com/ericm/cookie_jar/

--
Eric Murray  Chief Security Scientist  N*Able Technologies  www.nabletech.com
(email:  ericm  at  lne.com   or   nabletech.com)          PGP keyid:E03F65E5

• Next message: Crewdson, Andy: "Re: Netscape Referer header considered harmful?"
• Previous message: Eric Allman: "Re: sendmail -C: Known? Patches? (AIX 4.1.5)"
• In reply to: Ronald L. Parker: "Netscape Referer header considered harmful?"
• Next in thread: Crewdson, Andy: "Re: Netscape Referer header considered harmful?"