The following WML attribute helps control security risks from malicious services:
If you do not specify the attribute listed in the table above, the phone uses the default setting, which provides the highest degree of security. However, there are some specific areas where you should be cautious. These are described in the following sections.
If your service provides URLs that perform sensitive operations, it should check the HTTP Referer header (the HTTP_REFERER environment variable set by the Web server) to make sure that the requests it handles originate from friendly domains. The phone does not set the Referer header unless you specify sendreferer="true" in the <go> task that makes the request.
Referer header when handling requests for sensitive information or operations.
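One way to implement the Referer check described above on the server side, as an added example that is not part of the original documentation. It assumes a CGI-style environment in which the Web server sets HTTP_REFERER; the domain names and function names are constructed placeholders.

```python
import os
from urllib.parse import urlsplit

# Assumption: domains the service treats as friendly (constructed placeholders).
FRIENDLY_DOMAINS = {"wap.example.com", "example.net"}

def referer_is_friendly(environ, friendly=FRIENDLY_DOMAINS):
    """Return True only if HTTP_REFERER names a host in a friendly domain."""
    referer = environ.get("HTTP_REFERER", "").strip()
    if not referer:
        # The phone omits Referer unless the <go> task sets sendreferer="true",
        # so a missing header is refused for sensitive URLs.
        return False
    try:
        parts = urlsplit(referer)
        host = parts.hostname  # excludes any userinfo and port
    except ValueError:
        return False  # malformed URL
    if parts.scheme not in ("http", "https") or not host:
        return False
    host = host.rstrip(".").lower()
    # Match the exact host or a subdomain. A substring or prefix test would
    # wrongly accept a host such as "wap.example.com.other.test".
    return any(host == d or host.endswith("." + d) for d in friendly)

def handle_sensitive_request(environ):
    """Return (status, body) for a CGI-style request to a sensitive URL."""
    if not referer_is_friendly(environ):
        return "403 Forbidden", "Request did not originate from a friendly domain."
    return "200 OK", "Operation performed."

if __name__ == "__main__":
    status, body = handle_sensitive_request(os.environ)
    print(f"Status: {status}\nContent-Type: text/plain\n\n{body}")
```

The Referer header is supplied by the client, so this check filters requests arriving from other services' decks but does not replace authenticating the user.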