Indistinguishable from Jesse

This simple hole allows any site to change your Google preferences behind your back. Someone could change your Google interface language to Pig Latin. (Why Pig Latin rather than, say, Russian? It's more fun, and the "Google.com in English" link isn't as obvious when the surrounding text looks like English.) Someone could make your searches only turn up English results. Worst of all, someone could stop you from using Google to search for porn by turning on SafeSearch.

Slashdot's solution to this type of hole is "formkeys". I don't know how other sites solve it. But one incorrect solution is to check referrers. (Update May 5, 2005: I'm no longer sure checking referrers is incorrect.)

This entry was posted on Thursday, October 23rd, 2003 at 9:30 pm and is filed under Google, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.