Posted on 2009-04-08
I'm testing someone else's code that they have put in my site. I know that as part of their security suite, they used header (Location:) to redirect to a login page, but I need to make sure that after it's redirected it stops executing.
For those who don't know why... if a page does not stop executing, all a hacker needs to do is to find a browser that will not honor the header(Location:) and they can get in.
What I'm looking for is such a browser, or other method for testing the site. Yeah, I know I could go dig through the code myself, but it's going to take forever. I just want a method to test a handful of sensitive pages (user accounts, etc.) to make sure that we're secure.
So here's the question. Anyone know of such a browser or method for testing? I know a hacker would just have to download the Firefox source, find the place where it redirects because of header(location) and comment it out. I'm no coder, so that's beyond me.
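One way to run the check asked about here without a modified browser, as an added example that is not part of the original post: Python's `http.client` never follows redirects, so requesting each protected page without a session cookie shows whether page content is sent along with the `Location` header. The function names, the 512-byte stub threshold and the sample responses are assumptions made for this example.

```python
import http.client
from urllib.parse import urlsplit

# Bodies at or below this size are treated as a stub "you are being redirected"
# page rather than leaked content (assumed threshold; tune for your site).
STUB_BODY_LIMIT = 512

def fetch_raw(url, timeout=10):
    """GET url once, sending no cookies. http.client never follows redirects,
    so a 3xx response is returned exactly as the server sent it."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    finally:
        conn.close()

def classify(status, location, body):
    """Judge one unauthenticated response to a page that requires login."""
    if 300 <= status < 400 and location:
        if len(body) > STUB_BODY_LIMIT:
            return "LEAK"   # redirect header sent, but the page kept rendering
        return "OK"         # redirect with an empty or stub body
    if status in (401, 403):
        return "OK"         # access denied outright
    return "REVIEW"         # no redirect and no denial: inspect by hand

def audit(urls):
    """Return {url: verdict} for each protected URL on your own site."""
    return {u: classify(*fetch_raw(u)) for u in urls}

if __name__ == "__main__":
    # Constructed sample responses: (status, Location header, body).
    samples = {
        "redirect, script exits": (302, "/login.php", b""),
        "redirect, script continues": (302, "/login.php", b"<h1>Account</h1>" + b"x" * 2000),
    }
    for name, response in samples.items():
        print(name, "->", classify(*response))
```

To test real pages, pass the list of sensitive URLs to `audit()`; any `LEAK` verdict means the script went on producing output after sending the redirect.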