
More to worry about, such as?

URLs aren't protected any less than cookies are, and cookies are the standard way of securing login tokens.

Heck, with URLs you get the 'secure flag' cookie option for free!



Your browsing behaviour in general is being recorded via user patterns, user agent strings, browser configuration, IP address, etc. An interested party can, in general, find out where your browser has been regardless of referer strings. What is so special about the URL? It shouldn't contain any information that is meant to be secure.


Yes they are. Cookies are subject to the same origin policy. The Referer header is not.


I think you misread. grannyg00se said there is a lot more to worry about than HTTP referers. We don't need a reminder that referer is a problem.



