Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Can CSRF be prevented by implementing referrer checking?

checking csrf implementing referrer
0
0 Posted

Can CSRF be prevented by implementing referrer checking?

0 CommentsAdd a Comment

1 Answer

0
0

No. Referer headers can be spoofed using XMLHTTP and by using flash as demonstrated by Amit Klein and rapid7 and therefore cannot be trusted. Has a vulnerability in a major site been discovered? A vulnerability in GMail was discovered in January 2007 which allowed a attacker to steal a GMail user’s contact list. A different issue was discovered in Netflix which allowed an attacker to change the name and address on the account, as well as add movies to the rental queue etc…

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123