Please drop the necessity of HTTP referer
Surely, the referer might help to hamper "Cross-site request forgery". But aren't there other strong methods to prevent this kind of attack? I'm really not an expert on Internet security, but I know that the HTTP referer itself is a great privacy leak and all web sites (including home banking, eBay, PayPal etc.) except for Launchpad work without transferred HTTP referers. It is rather enervating to disable and enable (on Opera) the referer only for the Launchpad which is a very nice bulletin board, indeed, but just a bulletin board and not a financial transaction tool.
Question information
- Language: English
- Status: Answered
- For: Ubuntu xorg
- Assignee: No assignee
- Last query: 2011-04-09
- Last reply: 2011-04-10
David (d--) said : | #1 |
daveb suggests this article as an answer to your question:
FAQ #1024: “Why does Launchpad require a REFERER header?”.
David (d--) said : | #2 |
However, as noted in https:/
Martina Theuerjahr (mat974) said : | #3 |
Thanks for your answer. This does not solve my problem (I knew the FAQ topic), but reactivating the discussion on the related bug #560246 hopefully will enhance the usability of the Launchpad for users with high privacy demands.
Dedeco (dedeco) said : | #4 |
I agree with Martina Theuerjahr. I think Launchpad loses contributors and several contributions for myself just for this simple "requirement".
1. It does not completely prevent the attack
2. It makes the usability VERY BAD because it may even discard our already submitted form data
2. It makes the usability VERY BAD because it may even discard our already submitted form data
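
The trade-off discussed in this thread, as an added example that is not part of any post and is not Launchpad's code: a Referer-only check rejects a legitimate form post when the browser withholds the header, while a per-session token in the form needs no Referer at all. The site origin, session identifiers, form fields and function names below are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = ("https", "example.test")  # hypothetical site, not Launchpad
SERVER_KEY = secrets.token_bytes(32)     # per-deployment secret (constructed)


def referer_check(headers):
    """Referer-only defence: accept only a same-site Referer header."""
    referer = headers.get("Referer")
    if not referer:
        return False  # header withheld for privacy -> legitimate POST rejected
    parts = urlsplit(referer)
    return (parts.scheme, parts.hostname) == SITE_ORIGIN


def issue_token(session_id):
    """Token placed in the form: HMAC of the session id under the server key."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id, form):
    """Token defence: needs no Referer; comparison is constant-time."""
    submitted = form.get("csrf_token", "")
    return hmac.compare_digest(submitted.encode(), issue_token(session_id).encode())


def demo():
    """Run three constructed requests through both checks."""
    sid = "session-alice"  # constructed session identifier
    good_form = {"csrf_token": issue_token(sid), "comment": "hello"}
    cases = {
        "same-site, Referer sent": ({"Referer": "https://example.test/bugs/1"}, good_form),
        "same-site, Referer disabled": ({}, good_form),
        "cross-site forged POST": ({"Referer": "https://evil.test/x"}, {"comment": "spam"}),
    }
    return {name: (referer_check(h), token_check(sid, f)) for name, (h, f) in cases.items()}


if __name__ == "__main__":
    for name, (by_referer, by_token) in demo().items():
        print(f"{name:30} referer_check={by_referer!s:5} token_check={by_token}")
```

The second case is the one the thread complains about: the request is genuine, yet only the token check lets it through.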