Posted by Jason Barnett on 06/20/05 20:04
bruce wrote:
> hi...
>
> a number of you write apache/web/server apps that deal with secure
> information.. in doing some research it occurred to me that a potential weak
> link is on the client side, regarding the browser? how many of you actually
> attempt to verify that the browser being used by the client is indeed a
> legitimate (non-hacked) browser??
>
> or is there even a way to do this?
>
> or should i just go back to sleep..??
>
> thanks
>
> -bruce
> bedouglas@earthlink.net
Quite frankly I don't see how you are going to do this. The only thing
I know of that might indicate the version / type of browser that is
being used is the User Agent string, but it's not hard for this to be
forged. So you could very well be dealing with an IE user that has a
Mozilla Fire(fox|bird|????) User Agent string.

More to the point: are you concerned that someone is using an unpatched
browser that has holes, or are you concerned that someone is using a
binary that has been hacked to pieces and rebuilt to look just like a
normal browser? Because I really, REALLY don't think there would be a
way to test for the second problem. What do you look for? How in the
world do you find it?
--
NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php