Add to Favorites

HTTP HOST header fake

Just a quick tip, if you use the HOST: header in your applications, remember, don't use it anywhere critical to security because it can be faked by someone with the know how. I know that there is some popular blogging software out there.... that had previously used $_SERVER['HTTP_HOST'] to include a file, if it is faked that is insecure.


Be the first to leave a comment on this post.

Leave a comment

To leave a comment, please log in / sign up