[nycphp-talk] javascript calling php function
csnyder
chsnyder at gmail.com
Fri Feb 22 09:30:45 EST 2008
On Fri, Feb 22, 2008 at 4:13 AM, inforequest <1j0lkq002 at sneakemail.com> wrote:
>
> Just a warning that if possible your tracking script should limit its
> function to your known intended destinations else fail or whatever.
> Don't leave it "open" or you may find your site being utilized by others
> as a general purpose redirect proxy, often for less-than-honorable purposes.
>
> -=john
>
I was wondering about this, actually, but I also figured there must be
a bajillion other open redirect scripts out there.
Shouldn't it be okay to limit it to requests with a valid HTTP-REFERER
header? In other words, the redirect only works if the user clicked a
link on your site, not by following a link from some other site.
--
Chris Snyder
http://chxo.com/
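The restriction to known destinations suggested in the quoted message, combined with the Referer condition raised in the reply, as an added PHP example that is not code from the original thread. The host names, the `resolve_redirect` function and the sample requests are constructed for illustration.

```php
<?php
// Added example: a click-tracking redirect that only forwards to known hosts.
// All host names below are constructed placeholders (assumptions).
const ALLOWED_HOSTS = ['www.example.org', 'partner.example.net'];
const SITE_HOST = 'www.example.com';

/** Return the URL to redirect to, or null if the request must be refused. */
function resolve_redirect(string $target, ?string $referer): ?string
{
    // Refuse whitespace, control characters and backslashes, which URL
    // parsers and browsers do not always interpret the same way.
    if (preg_match('/[\x00-\x20\\\\]/', $target)) {
        return null;
    }
    $parts = parse_url($target);
    // Require an absolute URL: relative and "//host" forms have no scheme.
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // "http://www.example.org@other.test/" parses with host other.test;
    // refuse any userinfo outright rather than rely on the host check alone.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    // Exact host match, not a substring or suffix test.
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;
    }
    // The Referer header is supplied by the client and is sometimes absent,
    // so it is an extra condition here, not a substitute for the allowlist.
    $refHost = $referer === null ? null : parse_url($referer, PHP_URL_HOST);
    if (!is_string($refHost) || strtolower($refHost) !== SITE_HOST) {
        return null;
    }
    return $target;
}

// Constructed sample requests: [destination, Referer header or null].
$samples = [
    ['https://www.example.org/page', 'https://www.example.com/links'],
    ['https://other.test/', 'https://www.example.com/links'],
    ['https://www.example.org@other.test/', 'https://www.example.com/links'],
    ['//other.test/', 'https://www.example.com/links'],
    ['https://partner.example.net/', null],
];
foreach ($samples as [$to, $ref]) {
    printf("%-40s %s\n", $to, resolve_redirect($to, $ref) === null ? 'refuse' : 'redirect');
}
```

In the tracking script itself, a non-null result would be passed to `header('Location: ' . $url)` and a null result answered with an error status.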