Netscape referrer security problem: a reply from Netscape

Netscape referrer security problem: a reply from Netscape

Regarding our previous coverage of a "security glitch" involving referrers in Netscape, Steve Dagley (of Netscape) offers the following information and work-around:

"This has always been the behavior in Navigator/Communicator. I suspect it was thought to be well known (every secure web site I access warns me to close the browser window I was using before surfing to another site or closes it for me as part of the logout process) and not critical but after this attention we're looking at changing the behavior for the next release. Our current intention is to remove any user name and password info from from the referrer response (we already remove the password before storing the URL in the global history).

In the meantime there is a work-around for folks using Communicator/Navigator 4.04.1 or later (it may work with earlier 4.x versions but I'm not sure when this was added) that are concerned with this issue. Basically it tells Communicator/Navigator to not send the URL in response to the referrer tag.

Add the following line to the Netscape Preferences file by opening it with BBEdit (or a similar text editor):

user_pref("network.sendRefererHeader", false);

Note that you must not edit the file while Communicator/Navigator is running and you should make a backup copy of the file before editing it, just in case. For consistency's sake, the line should be inserted where the other network prefs are set."

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

New Google OnHub router is one of a kind

Reviewing the search giant's sleek and super-cool OnHub home router (while totally and completely trusting Google with personal info).

by Dong Ngo