FunBux™ Commissioner (gerg) wrote in suggestions,

Do referer checking before adding interests

Title
Do referer checking before adding interests

Short, concise description of the idea
Check the HTTP "Referer" header when adding an interest. This will prevent people from creating links which automatically add an interest to your profile.

Full description of the idea
Check the HTTP Referer header when someone goes to a page to add an interest (for example: http://www.livejournal.com/interests.bml?mode=add&intid=439744) to ensure that the referer is /interests.bml, or a blank referer. This will prevent people from having interests added to their profile without their knowledge just by clicking on a link, as there is currently no confirmation when an ?mode=add interests link is followed.

An ordered list of benefits
  • More security for interests
  • More user trust that they can follow links without having to worry about unexpected side effects

An ordered list of problems/issues involved
  • Some browsers/proxies disable or turn off the HTTP referer header
  • Will require additional coding/checking for the existence of the header

An organized list, or a few short paragraphs detailing suggestions for implementation
  • Begin checking the HTTP Referer header when ?mode=add is used on interests.bml for a value of either "interests.bml" or a blank value. This will prevent most "spoofs."
  • The above, or simply add a confirmation screen so that the user can confirm that they want to add the interest of 'wild goats' or whatever the interest in question is.
Tags: interests, § implemented
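
A sketch of the check suggested above, combined with the confirmation-screen fallback. This is an added example in Python, not LiveJournal's own code; the function names and the `allow_blank` switch are hypothetical, and the host and path are taken from the example URL in the post.

```python
from urllib.parse import urlsplit

# Assumed values for illustration, taken from the example URL in the post.
TRUSTED_HOST = "www.livejournal.com"
TRUSTED_PATH = "/interests.bml"


def referer_permits_add(referer, allow_blank=True):
    """Return True if a ?mode=add request may proceed without confirmation."""
    if referer is None or referer.strip() == "":
        # Blank Referer: the post proposes accepting it because some
        # browsers and proxies strip the header.
        return allow_blank
    try:
        parts = urlsplit(referer.strip())
    except ValueError:
        return False  # malformed header value
    if parts.scheme not in ("http", "https"):
        return False
    # Compare the parsed host and path exactly. A substring test for
    # "interests.bml" would also match other sites' URLs that contain it.
    host = (parts.hostname or "").lower()
    return host == TRUSTED_HOST and parts.path == TRUSTED_PATH


def handle_add(referer, intid, allow_blank=True):
    """Decide what the add handler does: add directly or ask the user first."""
    if referer_permits_add(referer, allow_blank):
        return ("added", intid)
    # Fall back to the confirmation screen from the second suggestion.
    return ("confirm", intid)


# Constructed sample Referer values (not taken from real traffic).
SAMPLES = [
    "http://www.livejournal.com/interests.bml?int=goats",
    "",
    "http://other.example/page.html",
    "http://other.example/interests.bml",
    "http://www.livejournal.com.other.example/interests.bml",
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(repr(ref), handle_add(ref, 439744))
```

With `allow_blank=False`, requests that arrive without a Referer are sent to the confirmation screen instead of being accepted.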