Re: Netscape Referer header considered harmful?

Eric Murray (ericm@LNE.COM)
Wed, 06 Aug 1997 12:47:49 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Munil Shah: "Re: Vulnerability in WINS web server, NT4.0"
Previous message: Crewdson, Andy: "Re: Netscape Referer header considered harmful?"
Maybe in reply to: Ronald L. Parker: "Netscape Referer header considered harmful?"
Next in thread: Phillip M Hallam-Baker: "Re: Netscape Referer header considered harmful?"

Ronald L. Parker writes:
> I found something I consider mildly disturbing while browsing my
> referer log stats today. Viewers to our site today have been referred
> from the following URLs:
>
> file:///Hard%20Disk/System%20Folder/Preferences/Netscape%20%C4/Bookmar
> s.html
> file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM
> file:///molly's%20bookmarks/molly's%20bookmarks
>
> As you can see, this is a cross-platform problem. What I don't know
> is whether these were sent by people just picking the bookmark from
> the dropdown or by people using their bookmarks file as a home page.
> Not having Communicator myself, and not planning to get it any time
> soon, I can't test this. In any case, file: URLs should be private.

[why leaking Referrer is bad]

Check out my 'cookie jar' program. It blocks cookies, ads
and Referrer (and it'll lie about User-Agent if you wish).

http://www.lne.com/ericm/cookie_jar/

--
Eric Murray  Chief Security Scientist  N*Able Technologies  www.nabletech.com
(email:  ericm  at  lne.com   or   nabletech.com)          PGP keyid:E03F65E5

Next message: Munil Shah: "Re: Vulnerability in WINS web server, NT4.0"
Previous message: Crewdson, Andy: "Re: Netscape Referer header considered harmful?"
Maybe in reply to: Ronald L. Parker: "Netscape Referer header considered harmful?"
Next in thread: Phillip M Hallam-Baker: "Re: Netscape Referer header considered harmful?"