[nycphp-talk] using $_SERVER['HTTP_REFERER']
Allen Shaw
ashaw at iifwp.org
Fri Mar 5 17:44:48 EST 2004
I'm interested to hear about this also. I've noticed that on some sites,
when a logged-in user chooses to log-out he can't back-button and get the
most recent page, but he can back-button back to the page where he logged
in, hit reload, and he's in. On some other sites, though, I have not been
able to recreate this behavior (hotmail is an example). This seems much
more secure.
> Hhmmm, when considering pages that contain sensitive information it
> seems problematic to leave the history transparent. For example, if I
> am banking online and leave the banking site and then leave my computer
> unattended, I don't want someone else to be able to sit down and hit
> the back buttons or history buttons to see my private information. Of
> course, I wouldn't let that happen. But, I am designing with the lowest
> common denominator in mind. That is, the user with the least amount of
> technical information and/or the greatest propensity to leave
> themselves vulnerable to such exploits. Isn't it my responsibility as
> a developer to do everything possible to protect the user's sensitive
> information from being viewed by parties other than themselves?
>
> -Aaron
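The following is an added example, not code from the thread or from either poster. It is one way a PHP page can avoid both behaviours described above: private pages reappearing on Back, and a reload of the login step signing the user back in. It redirects after every POST and marks responses as non-cacheable. The single-file layout, the `?page=` routes, the demo account and the helper names `no_store()` and `redirect()` are assumptions.

```php
<?php
// Added example: routes, demo user and helper names are assumptions.
session_start();
// Constructed demo account; a real application loads a stored hash.
$users = ['demo' => password_hash('correct horse', PASSWORD_DEFAULT)];

function no_store(): void {
    // Keep pages out of the browser cache so Back must ask the server again.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
}

function redirect(string $to): void {
    // 303 makes the browser follow with a GET, so the credential POST is
    // not left in history as something Reload can resubmit.
    header('Location: ' . $to, true, 303);
    exit;
}

$page = $_GET['page'] ?? 'login';
$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';

if ($page === 'login' && $isPost) {
    $user = (string)($_POST['user'] ?? '');
    $pass = (string)($_POST['pass'] ?? '');
    if (isset($users[$user]) && password_verify($pass, $users[$user])) {
        session_regenerate_id(true);   // fresh session id at login
        $_SESSION['user'] = $user;
        redirect('?page=account');
    }
    redirect('?page=login');
}
if ($page === 'logout' && $isPost) {
    $_SESSION = [];
    session_destroy();                 // server-side session data is removed
    setcookie(session_name(), '', time() - 3600, '/');
    redirect('?page=login');
}

no_store();
if ($page === 'account') {
    if (!isset($_SESSION['user'])) {
        redirect('?page=login');       // Back after logout ends up here
    }
    echo 'Private page for ' . htmlspecialchars($_SESSION['user'])
       . '<form method="post" action="?page=logout"><button>Log out</button></form>';
} else {
    echo '<form method="post" action="?page=login"><input name="user">'
       . '<input name="pass" type="password"><button>Log in</button></form>';
}
```

With this layout, pressing Back after logging out triggers a fresh request to `?page=account`, which finds no session and redirects to the login form, and reloading the login page issues a plain GET with no credentials attached.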