Quote:
Originally posted by Bad B0y
would it not be easier to spoof if you only rely on the username that is in the url?
|
Not much difference there. Its quite easy to spoof HTTP_REFERER
Besides - all easy spoofing mechanism are easily detectable.
If someone is not smart enough to use advanced cheating - he/she will be easily detected and flushed.
If someone is smart enough to deploy advanced cheating and spoofing "tools" - its very much likely that REFERER will not be a deterrant.
In any way - the most smart cheating mechanism revolve not around IDs nor around referer.