To access secure services (token-based or credentials), Esri recommends using proxy files (.NET GitHub example). When routing requests through the proxy, you are able to request secure services on behalf of the client without exposing your credentials. You can define a property called allowedReferers and assign a list of referring URLs that the proxy will work for. Basically, the proxy won't make any requests for referring URLs that are not defined. If set to '*', any referring request will be processed.
The problem is that the requesting header can be spoofed easily by a hacker by just setting a false HTTP Referer property. In this situation, they can access secure services by routing all of their requests through the proxy and setting the referer header to a valid address.
I am looking for recommendations on the best way to work around this issue. Any recommendations?
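An added example, not part of the original post and not Esri's proxy code: a sketch of the referer allow-list as the post describes it, next to a gate that also requires a server-signed session value, so a request carrying only a matching Referer is refused. The function names, the X-Session header, the key and the hosts are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample configuration; hosts and key are placeholders.
ALLOWED_REFERERS = ["https://maps.example.org"]
SESSION_KEY = b"constructed-demo-key"  # assumption: secret held only by the server


def referer_allowed(headers, allowed=ALLOWED_REFERERS):
    """Allow-list check as the post describes it; '*' admits every referer."""
    if "*" in allowed:
        return True
    ref = urlsplit(headers.get("Referer", ""))
    origin = f"{ref.scheme}://{ref.netloc}".lower()
    return origin in [a.lower().rstrip("/") for a in allowed]


def sign_session(user):
    """Issued by the application after it has authenticated the user."""
    mac = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def session_valid(headers):
    """Verify the signed value; it cannot be produced without SESSION_KEY."""
    user, _, mac = headers.get("X-Session", "").rpartition(".")
    expected = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return bool(user) and hmac.compare_digest(mac.encode(), expected.encode())


def proxy_allows(headers):
    """Hardened gate: the Referer is a coarse filter, the session is the control."""
    return referer_allowed(headers) and session_valid(headers)


# Constructed requests: one from a signed-in page, one that only sets Referer.
SIGNED_IN = {"Referer": "https://maps.example.org/viewer",
             "X-Session": sign_session("alice")}
REFERER_ONLY = {"Referer": "https://maps.example.org/viewer"}

if __name__ == "__main__":
    for name, req in (("signed-in", SIGNED_IN), ("referer-only", REFERER_ONLY)):
        print(name, "referer check:", referer_allowed(req),
              "| hardened gate:", proxy_allows(req))
```

A production session value would also carry an expiry and be delivered as a cookie over HTTPS; both are left out here to keep the comparison short.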