[Zope] How to get name of calling DTML or script..

Charlie Reiman creiman@kefta.com
Mon, 15 Jul 2002 11:05:12 -0700


Security conscious people have been dealing with broken websites for ages
but that's not the point. HTTP_REFERER can, and often does, contain nothing
or browser specific crap.

For instance, you can type a URL directly into the browser. With auto
completion so common, this is how I visit most websites. Generally, you
won't get a referrer in these cases.

More common is the bookmark issue. Some browsers pass browser specific (ie.
crap) strings as the referrer in these cases. And then there is the case of
deep linking resulting in referrers that not only aren't from your site but
also contain whatever dynamic content gobblygook that site uses.

Referrer is really only good for log analysis and figuring how who is
slashdotting your site. Any other use is asking for trouble. IMHO, of
course...

Charlie Reiman

> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Chris
> Withers
> Sent: Sunday, July 14, 2002 2:38 AM
> To: Geir Bækholt
> Cc: Jason Bush on the zope-list; Kevin Carlson; zope group
> Subject: Re: [Zope] How to get name of calling DTML or script..
>
>
> Geir Bækholt wrote:
> >
> > HTTP_REFERER is an *optional* HTTP-HEADER that most clients/browsers
> > send with the request , but they are not required to do so. I know
> > that at least in Opera there is an option to turn it off for those
> > concerned with privacy..
> >
> > - Just so that no one relies on it for important stuff...
>
> ...many people rely on this. I wasn't aware it was optional, but
> I guess for
> people that paranoid, they'll just have to suffer non-functional
> web sites ;-)
>
> cheers,
>
> Chris
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>