Using Referrer Field for Authentication

From Guidance Share
Revision as of 04:59, 7 August 2007 by GardenTender (talk | contribs)


Description

The Referer header of an HTTP request is written by the client and can be set to any value the client chooses. It therefore authenticates nothing and protects nothing: it is not a valid means of identifying the sender or of checking the integrity of a request.

Applies To

  • Languages: All
  • Operating platforms: All


Example

The following server code accepts a connection and then uses the Referer header of the incoming request to make a trust decision:

/* Needs <sys/socket.h>, <netinet/in.h>, <unistd.h>, <string.h>; server, from, fromlen and buffer[BUFSIZE] are set up earlier */
int sock = socket(AF_INET, SOCK_STREAM, 0);
bind(sock, (struct sockaddr *)&server, sizeof(server));
listen(sock, SOMAXCONN);
while (1) {
    int newsock = accept(sock, (struct sockaddr *)&from, &fromlen);
    pid_t pid = fork();
    if (pid == 0) {                                  /* child handles this connection */
        ssize_t n = read(newsock, buffer, BUFSIZE - 1);
        buffer[n > 0 ? n : 0] = '\0';                /* terminate so the buffer can be searched */
        /* Make a trust decision based on the Referer header (the trusted URL is a placeholder) */
        if (strstr(buffer, "Referer: http://trusted.example/") != NULL) {
            /* do privileged stuff: any client can write this header itself */
        }
        close(newsock);
        _exit(0);
    }
    close(newsock);                                  /* parent keeps accepting */
}

Because the remote host controls every byte of the request, including the Referer header, it can claim any referring page it likes. No valid trust decision can be made from this information.


Impact

  • Authorization: Actions that would otherwise not be authorized can be carried out as though they had been validated by the server named in the Referer header.
  • Accountability: Actions may be taken in the name of the server named in the Referer header, so audit records attribute them to the wrong party.


Vulnerabilities

  • Use of the Referer header to make a trust decision about a remote host or about the request it sends.


Countermeasures

  • Design: Base the trust decision on something the client cannot forge, such as a server-issued session or a token signed with a secret held only by the server, rather than on the Referer header. The Referer header may still be logged, but it must never be the input that grants a privilege.
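
The following worked example, added here and not code from the original page, puts the vulnerable check from the example above beside the countermeasure. Both handlers parse the same raw HTTP/1.1 request bytes. The Referer-based check accepts a constructed attacker request that simply copies the trusted site's URL into the header, while the hardened check requires a bearer token whose tag is an HMAC-SHA256 over the user name under a server-held secret. The token format, the `trusted.example` and `victim.example` hostnames, the request line and the random start-up secret are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Per-deployment secret held only by the server. Assumption for this example: a random
# key generated at start-up; a real service would load it from a secret store.
SERVER_SECRET = secrets.token_bytes(32)


def parse_headers(raw: bytes) -> Dict[str, str]:
    """Parse the header block of a raw HTTP/1.1 request into a lowercase-keyed dict."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers


def referer_check(raw: bytes, trusted_prefix: str = "https://trusted.example/") -> bool:
    """VULNERABLE: the trust decision rests on a header the client chose."""
    return parse_headers(raw).get("referer", "").startswith(trusted_prefix)


def issue_token(user: str) -> str:
    """Server side: mint 'user.tag' where tag = HMAC-SHA256(SERVER_SECRET, user)."""
    tag = hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"


def token_check(raw: bytes) -> Optional[str]:
    """HARDENED: return the user named by a valid signed token, else None.

    A forged request can carry any Referer it likes, but it cannot produce a tag
    that verifies under SERVER_SECRET, so spoofing the header buys nothing.
    """
    scheme, _, value = parse_headers(raw).get("authorization", "").partition(" ")
    if scheme != "Bearer" or "." not in value:
        return None
    user, _, tag = value.rpartition(".")
    expected = hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes so a non-ASCII tag cannot raise instead of failing.
    return user if hmac.compare_digest(tag.encode(), expected.encode()) else None


def build_request(headers: Dict[str, str]) -> bytes:
    """Constructed sample request: what a client (or attacker) sends on the wire."""
    lines = [b"GET /admin/delete?id=7 HTTP/1.1"]
    lines += [f"{k}: {v}".encode("latin-1") for k, v in headers.items()]
    return b"\r\n".join(lines) + b"\r\n\r\n"


# Constructed attacker request: a Referer copied from the trusted site, no real credential.
FORGED = build_request({"Host": "victim.example",
                        "Referer": "https://trusted.example/admin"})

if __name__ == "__main__":
    print("referer_check accepts forged request:", referer_check(FORGED))   # True
    print("token_check accepts forged request:  ", token_check(FORGED))     # None
    good = build_request({"Host": "victim.example",
                          "Authorization": "Bearer " + issue_token("alice")})
    print("token_check accepts issued token:    ", token_check(good))       # alice
```

The point of the contrast is where the secret lives: `referer_check` trusts a string that any client can type, while `token_check` trusts only a value that could have been computed with `SERVER_SECRET`, which never leaves the server. Swapping the HMAC token for a server-side session store keyed by an opaque random cookie gives the same property.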

Vulnerability Patterns

How Tos