Security: Referrer


If you are a webmaster, you will find that one of the most valuable things you can use is the referrer. On the other hand, if you are a surfer, you may want to disable this feature as it can be a security risk and a violation of your privacy.

What is this referrer thingie? Well, all web servers have the capability to create log files and virtually all webmasters (at least those who know what they are doing) use these logs to determine how their web site is doing.
The log files contain one line for each hit to the web site. The format and contents of the line vary from server to server (and webmasters can specify they want more or less information), but in general it has an incredible amount of information about that one hit.

Some of the information gathered for each hit to a web site includes (among other things):

- The requested file (for example, index.html)
- A status code indicating success or error (404 errors, for example)
- The browser type being used by the surfer (this is the agent name, and it can also be the name of a search engine spider or a spam harvester).
- The screen resolution of the surfer's monitor
- The date and time (locally to the server) of the hit
- The TCP/IP address of the surfer (yes, every web page that you have ever looked at has your TCP/IP address recorded in a web server log file somewhere).
- The URL where the surfer came from

It's this last statistic that causes some concern. Oh, there is a minor issue in that your TCP/IP address is stored in the server logs when you access a page, but this is not very important. You see, these logs do not tend to last very long as they get very large extremely quickly. Many (if not most) web sites purge these as soon as statistics are gathered. Conceivably, of course, this could be of concern if an investigation were performed ... and these logs are looked at by webmasters for hacking attempts.

No, the important information is the referrer field. Why? Well, first there is the privacy question. If a webmaster knew your TCP/IP address (and he would have to know your address specifically, since this is the only thing relating you to the line in the log file - there is no name or email address stored there) he could get an idea of what you looked at before you came to his site. Thus, there is a remote chance that your privacy could be compromised ... a very remote chance since this is virtually never done by any webmaster.

The second, and very critical problem is a real security risk. You see, many websites allow you to log into their sites to personalize your experience. These sites allow you to enter personal data such as credit card information, social security numbers and other items into their database. Generally cookies are used to identify you as you move from page to page through the web site. Cookies are by far the best and preferred way to do this - it's called maintaining context.

However, cookies are frowned upon by many surfers for various reasons (mostly blown out of proportion fears created by a press that feels it needs dangers and bad news to stay competitive).

Thus, some clever webmasters have come up with alternate ways to allow their web sites to know that "you are you" as you move around on their site. A very sloppy method consists of adding a username and password on to the end of each URL.

For example, suppose you log into a shopping site with a username and password like so:

    URL: http://www.anyshoppingsite.com
    Username: innocent
    Password: naive

If you moved to a page called "toys.htm", the URL might become:

    http://www.anyshoppingsite.com/toys.htm?u=innocent&p=naive

You see the problem? Not yet? Okay, there is no problem as you move around from page to page within the shopping site.
The problem results when you surf to another page outside of the shopping site.

What happens? Well, if you surfed to another site from the page above, that URL complete with the username and password would be added to that site's server log files. Guess what, your username and password just got recorded in plain text somewhere completely unexpected.

So what's the problem really? Well, let's say you went to your shopping site, logged in and made some purchases. To make it simple for you, your credit card numbers are stored on the site and you can retrieve them at any time after you are logged in. Everything seems safe because you need a username and password to get in.

Now, when you are finished shopping you are supposed to log out. This would remove the username and password from the referrer. However, you don't do this and instead surf to another site. You leave your username and password in that webmaster's log files. If that webmaster happens to check his log files he could get your username and password, log into your account and get your credit card numbers.

Are you alarmed yet?

Okay, how do you stop this from happening? It's relatively easy, actually. You get a product called AdSubtract and install it on your computer. By default this product will remove the referrer field as you surf around. You are now protected.

Oh yes, one side effect is you cannot just surf to that shopping site, since the login information is removed by AdSubtract. Fortunately, AdSubtract allows you to configure exceptions. All you need to do is enter the "filters" section, add your shopping site and specify to not remove the referrer.

And that, my friends, is how you protect yourself from one of the internet's biggest gaping security holes.
I hope this has been of use to you.

Source: Free Articles from ArticlesFactory.com.
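
The leak described in this article, seen from the side of the webmaster whose log receives the URL: the script below finds login parameters in the referrer field of access-log lines and redacts them before the log is kept. It is an added example, not part of the original article; the Combined Log Format layout, the list of parameter names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Assumed names of query parameters that tend to carry login data.
SENSITIVE = {"u", "user", "username", "login", "p", "pass", "password", "pwd"}


def scrub_referer(referer):
    """Return (url_with_credentials_redacted, leaked_parameter_names)."""
    parts = urlsplit(referer)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = [name for name, _ in pairs if name.lower() in SENSITIVE]
    clean = [(n, "REDACTED" if n.lower() in SENSITIVE else v) for n, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(clean))), leaked


def scrub_line(line):
    """Redact credentials found in the referrer field of one log line."""
    match = LOG_RE.match(line)
    if not match or match.group("referer") in ("", "-"):
        return line, []          # unparsable line or no referrer sent
    scrubbed, leaked = scrub_referer(match.group("referer"))
    if not leaked:
        return line, []          # referrer present but harmless
    start, end = match.span("referer")
    return line[:start] + scrubbed + line[end:], leaked


# Constructed sample log of the "other site" the surfer went to next.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2003:10:15:32 +0000] "GET /index.html HTTP/1.0" 200 5120 '
    '"http://www.anyshoppingsite.com/toys.htm?u=innocent&p=naive" "Mozilla/4.0"',
    '203.0.113.9 - - [12/Mar/2003:10:16:01 +0000] "GET /about.html HTTP/1.0" 200 2048 '
    '"http://search.example/?q=referrer" "Mozilla/4.0"',
    '203.0.113.9 - - [12/Mar/2003:10:16:05 +0000] "GET /missing.html HTTP/1.0" 404 312 '
    '"-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        cleaned, leaked = scrub_line(entry)
        print("LEAK" if leaked else "ok  ", leaked, cleaned)
```

Only the first sample line is rewritten; the search-engine referrer and the empty referrer pass through unchanged.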
