|
|
Posted by Matthew Weier O'Phinney on 06/20/05 23:22
* "bruce" <bedouglas@earthlink.net>:
> a number of you write apache/web/server apps that deal with secure
> information.. in doing some research it occured to me that a potential weak
> link is on the client side, regarding the browser? how many of you actually
> attempt to verify that the browser being used by the client is indeed a
> legitimate (non-hacked) browser??
>
> or is there even a way to do this?
>
> or should i just go back to sleep..??
What's the point?
The reason I ask is that (1) it shouldn't matter HOW the HTTP request is
initiated. What *should* matter is that the page handles the request
gracefully and returns something (HTTP headers only, or headers + page)
as a result. The request is simply a TCP transmission, nothing more,
nothing less.
(2) What is done with the page once received by the client shouldn't be
an issue, either. Browsers may render the page however they choose; HTML
is meant to give hints as to how to perform layout, but in the end, it's
just a huge string.
Is there some specific issue you're thinking about?
--
Matthew Weier O'Phinney | WEBSITES:
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:matthew@garden.org | http://vermontbotanical.org
Navigation:
[Reply to this message]
|