Security Issues with “You Are Now Leaving Our Website” Pages

If you've visited a government website, there's a good chance that you've seen the "You are now leaving our website" message. The message, as you have probably guessed, is displayed when a visitor clicks a link leading to an external website. Now I don't plan to discuss the validity of this technique but the potential security risk if utilized incorrectly.

Vulnerable Solution

I recently visited a website that had one of these intermediary pages. Instead of calling them out, we'll pretend the message can be found at www.MyTrustworthyWebsite.com/bye.php. For all the external links, they would create an anchor tag that looked like this:

Note the GET variable called "link" which contains the address for the external website (http://www.AnotherGoodWebsite.com/). When visitors click the link, they are brought to bye.php which displays the message about leaving MyTrustworthyWebsite and links to the external website.

The problem with this solution is that anyone (including the "bad guys") can send any link to bye.php and have it appear as if supported by MyTrustworthyWebsite. So someone could have MyTrustworthyWebsite link to a website that installs a virus or a form used for identity theft. They just need to persuade people to click through to the corrupted link. For example, they could send out spam e-mails pretending to be MyTrustworthyWebsite and linking to www.MyTrustworthyWebsite.com/bye.php?link=http://www.ReallyBadWebsite.com/

Alternate Solution

How does MyTrustworthyWebsite prevent this type of attack? The easiest solution would be to create a database that stores all the addresses that they link to. Then instead of passing the link directly, they would pass the ID for the database entry:

In addition to the page being more secure, there is the added bonus of easier maintenance. It's very common for website links to change. If MyTrustworthyWebsite links to a website several times, they only need to update the external link once.