Una de las cosas que valoro mucho es el ingenio. Usar cosas para realizar una tarea distinta de la que ha sido pensada siempre ha sido uno de mis pasatiempos favoritos. Ahora bien, hay que distinguir entre un “apaño”, una “curiosidad” y un “uso adecuado”. ¿A dónde quiero ir a parar? A que la gente debería leerse la documentación antes de hacer machadas :P
El protocolo HTTP tiene la característica de decirle a la web que estás visitando cuál es la última que has visitado, llamada HTTP Referer. Vamos, que las páginas saben de dónde vienes. Esto es una característica que a veces resulta útil, por ejemplo para evitar el “hot linking”. Es algo así como preguntarle al navegador “Oye, ¿de dónde vienes?”, tal cual. El navegador puede decirte la verdad, no responderte o mentirte, aunque como os podéis imaginar, la inmensa mayoría de los navegadores están configurados por defecto para responder con la verdad.
El problema viene cuando la gente usa esta característica para realizar sistemas de seguridad. Imaginemos el siguiente escenario:
La empresa PagoPoco tiene una zona pública con información de contacto, productos y servicios, etc… y una zona privada, digamos por ejemplo que todo el directorio “/private” con las páginas para descargarse los productos. Para acceder a esa zona privada, tienes que hacer login en una página que está en la zona pública (si estuviese en la privada sólo podrías acceder si ya estuvieses autenticado, y claro, tiene poca gracia autenticarse estando autenticado). Si el nombre de usuario y contraseña es válido, te lleva a “/login_success.php” si no, te devuelve a la página principal de la zona pública.
Un sistema que use HTTP Referer para implementar ese sistema podría tener una norma tal que así:
Si la última página visitada es de la forma “/private/*” o “login_success.php”, déjale pasar.
¿Tiene sentido no? El problema es que, como he dicho antes, el navegador puede mentir y decir que viene de “/prívate/meLoInventoPorqueMolo.php” o de “login_success.php” o de lo que le dé la gana… y claro, todo el sistema se vuelve una mierda :P
Os dejo un pequeñísimo programa con su código fuente (C#) que permite visitar la web que queráis y decir que venís de la web que queráis. Podéis probarlo http://www.stardrifter.org/cgi-bin/ref.cgi , en un navegador normal os dirá que venís de esta web, o si lo ponéis en una nueva ventana, que no venís de ningún sitio. Si usáis el programa que dejo, podéis especificar de dónde venís.
¡Genial! Más de una primera vez me encuentro con alguna web que utiliza este sistema.
Muy buena explicación :D
también hay addons para Firefox que te permiten hacer esto de manera más o menos automática.
https://addons.mozilla.org/en-US/firefox/addon/1999
https://addons.mozilla.org/en-US/firefox/addon/953
El 1999 lo había encontrado cuando miré el tema, pero es para versiones viejas de FireFox. Del 953 no sabía nada y tiene muy buena pinta.
Gracias por el apunte :D
Hola buen aporte, aunque es confiable utilizar la session de php o es lo que opino para validar un acceso; algo que me interesa es utilizar HTTP Referer, para web services en apoyo a la autenticacion para dar respuesta del servicio según del server que haga la petición independientemente de un key generado validar el host que hace la petición.
Great! Nice post with high quality content.
Over the last ten yeɑrs, internet site creation and manaɡement has
absolutely improved. From creatіng stɑtic, HTML dependent web sites
we have moved to building giɡantic dɑtabases pushed websites.
Feel frее to visit my webpage :: situs Togel online
Hey! I know this is kinda off topic but I was
wondering if you knew where I could get a captcha plugin for my comment
form? I’m using the same blog platform as yours and I’m having problems finding
one? Thanks a lot!
Thank you for the auspicious writeup. It in fact was a amusement account it.
Look advanced to more added agreeable from you!
By the way, how can we communicate?
amazon translation management systemtranslation management system translation management systems
translation management project management translation translation project
management translation management software software translation management wpml-translation-management translation project
management jobs wpml translation management management translation anger management classes in spanish translation translation management tools translation management platform translation management
tool translation project management software best translation management system translation management software free management spanish translation free translation management software translation management services best
translation management software translation management service cloud based translation management system cloud-based translation management system
free translation management system translation and localization management sdl translation management system tms
translation management system open source translation management system translation project management system translation management technology translation quality management translation memory management translation management system
open source translation management jobs content management system translation clinical translation management
wpml translation management plugin management hindi translation the management of translation exposure is
best described as terminology management in translation free translation project management software project management in translation industry wordpress
translation management translation management system free xtrf translation management systems open source translation management
plunet translation management system business management spanish translation translation workflow
management across translation management translation management system wikipedia best translation management systems drupal 8 translation management translation business management system wpml translation management latest version translation management wpml translation management degree translation management system examples wpml translation management free sdl translation memory management utility translation management system definition business translation management translation project
management tools free translation management systems phrase translation management translation project management course translation project management tool lokalise translation management
smartling translation management system plunet translation management systems translation workflow management
software online translation management system drupal translation management tool translation management tool drupal management translation french translation management software open source drupal 7 translation management translation management software market
enterprise translation management system web based translation management system translation management workflow wpml translation management
github anger management in spanish translation project management software for translation agencies translation management portal xtrf translation management system a guide to
translation project management address translation in memory management translation exposure management translation project management pdf wpml disable translation management online translation management wpml-translation management github smartling translation management
wpml translation management download translation project management
training wpml translation management addon sharepoint translation management library translation management system comparison translation terminology management website translation management translation project management software free
amazon translation management system time management
in hindi translation translation management course translation vendor management translation and localization project management the art of the possible online translation management software translation management drupal translation and localization project management
drupal translation management translation risk
management download wpml translation management management in french translation management of translation exposure translation management tool business objects 4.2 loco translation management supply chain management chinese translation business management translation translation management company wpml translation management plugin download xtm translation management system
translation agency management software translation management online wpml translation management babiato wpml translation management wordpress management of
translation exposure ppt learning management systems
translation translation management ltd translation management automation wpml translation management nulled
translation management library wpml translation management free
download wpml translation management wordpress plugin wordbee translation management system
translation management module drupal 8 top translation management system translation platform management
mozilla’s pontoon translation management system user interface
translation management system architecture terminology management translation terminology management and translation translation quality management coursera wpml translation management exploit translation localization management miis translation management system smartling translation management system software wpml translation management settings memsource translation management system translation file management translation exposure in international financial management php translation management system translation management
free translation management definition management chinese translation master of arts in translation and localization management
translation project management workflow german document translation management best translation management tools translation management system sdl masters
in clinical translation management translation management system gartner translation project
management internship london translation management core
translation management systems and cat tools translation and localization management
ma middlebury translation and localization management translation management
tool drupal 7 translation management system across gartner magic quadrant translation management wordbee translation management wpml translation management changelog engineering management translation translation management wordpress translation project management
internship wordpress multilingual translation management
addon translation and localization management jobs project management chinese translation translation project management certificate watershed management translation in tamil translation quality management process translation management certification management science translation german drupal 8 translation management tool translation management in wpml us
based translation management system translation management system compare wpml translation management documentation german certificate translation management translation project management skills discuss on edi translation management software nimdzi translation management systems wpml-translation-management exploit weight
management in spanish translation github translation-management idea management
tools translation app translation management translation project management cv translation management system reviews terminology management and translation memory phraseapp the translation management system email management translation capterra translation management google translate wordpress login project management
tools best translation app gengo smartling translation jobs online project management tools
free proz lokalise translation jobs remote project management tools microsoft best
translation website translation services online best websites for
translation memsource freelance translator freelance translation jobs wpml
matrix project management tools and techniques gengo jobs translatepress localize website gengo
translator localize translation project management tools list top project
management tools get paid to translate online polylang localize app free translation sites translation software for documents google translation tools lokalise careers gengo naruto translation jobs online from home best translation software wpml plugin localize js translator jobs salary translation platforms translation platform localize ai
localize meaning free translation software project management tools excel localization tools free translation tools freelance
translation websites get paid to translate simple documents from your home part time
translation jobs from home translation jobs online no experience advanced translator online
translation jobs for students project management tools in software engineering
translation jobs for beginners freelance translation jobs from home software localization tools translation software
for pc translation programs online google translation jobs from home wpml
string translation wpml login smartling pricing lokalise pricing
localization platforms best freelance translation websites wpml multilingual cms smartling login lokalise api project
management tools pdf online translation jobs for beginners upwork translation jobs advanced translator nms software translation tools best freelance translation websites for beginners wpml pricing
wpml language switcher smartling jobs smartling reviews lokalise glassdoor free translation software for documents wpml automatic translation best free translation software best machine translation software
multilingualpress automatic translation software wpml support smartling competitors smartling crunchbase
speech translation software best translation software for pc best
translation tool free wpml woocommerce wpml alternatives wpml credits translation editor
android studio wpml vs polylang what is a translation management system what is
translation management system what is translation management what is
translation management software best translation management system cloud based translation management system cloud-based translation management
system content management system translation enterprise translation management system free
translation management system memsource translation management
system mozilla’s pontoon translation management system
user interface online translation management system open source translation management system php
translation management system phraseapp the translation management system plunet translation management system sdl translation management system smartling translation management system
tms translation management system top translation management
system translation business management system translation management system translation management system across translation management system architecture translation management system compare translation management system comparison translation management system definition translation management system examples
translation management system free translation management system
gartner translation management system open source translation management
system reviews translation management system sdl translation management
system smartling translation management system software translation management system wikipedia translation project
management system us based translation management system web
based translation management system wordbee translation management system xtm translation management system xtrf translation management system 5 example of content management system
app translation services best cat tools best cms for developers best content management system
best free cat tools best freelance translation websites for
beginners best translation management software best translation services
best translation software for pc best translation tool free cafetran espresso cat in computer cat tool translation cat tools
cat tools catalog cat tools examples cat tools free cat tools list cat tools online certified translation services cms website computer-assisted
translation computer-assisted translation examples computer-assisted translation meaning computer-assisted translation pdf computer-assisted translation tool content management application content management companies content management software content management system content management system company content management system examples content management system features content management system website
content management system wordpress content management tools crowdin custom content
management system digital content management system document translation services enterprise content management system examples examples
of computer-assisted translation free cat
tools translation free translation management software free translation software free translation software for documents free translation tools freelance translation jobs from home gengo google translate google translate app google translate camera google translate english google translate english
to urdu list of cms localization api localization app localization platforms
localization software localization tools localize ai localize app localize js localize mobile app localize translation localize website lokalise lokalise api lokalise
careers lokalise glassdoor lokalise pricing matecat memoq download memsource most popular content management system online
translation jobs for students open source cms open source translation software poeditor professional translation services project management tools project management tools and techniques project management tools excel project management tools
free project management tools in software engineering project management tools list
project management tools microsoft project management tools pdf
saas localization smartling smartling competitors smartling
crunchbase smartling jobs smartling login smartling pricing
smartling reviews smartling translation software localization tools software translation services software
translation tools speech translation software top project
management tools transifex translate english
to french translate google translate to
english translation jobs online translation management
software translation management tool translation platform translation platforms translation project management
software translation services near me translation services online translation software for pc translation tool types of cms types of content management system uses
of computer-assisted translation web content management system wordpress content management system what is a translation management system what is cms in marketing what is
content management system what is translation management system what is wordpress
used for (https://pluterr.com/)
Every weekend i used to go to see this web site, as i wish for enjoyment, as
this this website conations truly good funny material
too.
Party Snapoѕ Ph᧐to Boоth OC | Photo Booth Rental Orangе County
12911 Dunga Ln, Garden Grove, CA 92840
open air booth rental Industry
Your style is so unique compared to other people I’ve read
stuff from. Many thanks for posting when you’ve got the opportunity, Guess I’ll just bookmark this page.
Hello there! Would you mind if I share your blog with my facebook group?
There’s a lot of folks that I think would really appreciate your content.
Please let me know. Thank you