BareMetal.com


Referer Security Check


Some time ago we noticed that people 'out on the web' were making use of some of our gadgets. While not a "Good Thing" it was decided that the extra complexity required to try to prevent this wasn't worth the small amount of system resources we might save.

This changed when we saw a client's competitor 'borrow' a page and continue to make use of the BareMetal gadget that it pointed to. The thief was taking advantage of the client's privileges and development time as well as our equipment.

By making use of some of the extra information that the new browsers send to the server, it is simple to detect when an access comes from a 'foreign' web-site.

The easiest way to avoid accidentally triggering this alarm is to avoid putting a host parameter in the action statement of your <form> tag.

For example:

<form action="http://baremetal.com/cgi-bin/mail2" method="post" >

might trigger an alert if the page was called from a different virtual server. A call such as:

<form action="/cgi-bin/mail2" method="post">

is always going to go to the same server that the page was loaded from.

Not all the gadgets have this security check built into them, but you can expect most of the new ones to include it :-).

As a further note, it's not possible to detect all references from off site, as some browsers don't send any information about the referring page, but the current system should stop with a security alert for about 70% of the browsers in use.
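A sketch of such a check, added here as an illustration and not BareMetal's own gadget code: it assumes the check compares the host in the Referer header with the host the request arrived at, which is why a relative action never trips it. The function names and sample hosts are hypothetical.

```python
from urllib.parse import urlsplit


def _host_only(value):
    """Lower-case a Host-style value and drop any :port and trailing dot."""
    value = value.strip().lower()
    if value.startswith("["):            # bracketed IPv6 literal
        return value[1:].split("]", 1)[0]
    return value.split(":", 1)[0].rstrip(".")


def classify_referer(environ):
    """Return 'local', 'foreign' or 'unknown' for a CGI request environment."""
    referer = environ.get("HTTP_REFERER", "").strip()
    if not referer:
        return "unknown"                 # browser sent nothing: cannot be detected
    try:
        ref_host = urlsplit(referer).hostname
    except ValueError:
        return "foreign"
    if not ref_host:
        return "foreign"                 # malformed value: refuse rather than guess
    # Host the request arrived at; SERVER_NAME is the fallback for old clients.
    server = _host_only(environ.get("HTTP_HOST") or environ.get("SERVER_NAME", ""))
    # Exact comparison: substring or prefix tests would accept
    # a host such as 'baremetal.com.other.example'.
    return "local" if ref_host.rstrip(".") == server else "foreign"


def handle(environ):
    """Gadget entry point: stop with a security alert on a foreign referer."""
    verdict = classify_referer(environ)
    if verdict == "foreign":
        return "403 Forbidden", "Security alert: form was submitted from another site."
    return "200 OK", "accepted (%s)" % verdict
```

The 'unknown' result is the case described above: a request that carries no Referer passes, because there is nothing to compare.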



 

Copyright 1996-2012, BareMetal.com Inc.
Last updated: Thursday, 28-May-2015 16:14:47 PDT
Questions and comments to support@baremetal.com