|
|
Posted by Rami Elomaa on 04/28/07 20:23
Johnny BeGood kirjoitti:
> Hi Michael,
>
> Perhaps I should explain, the user of the site, who will be the owner of
> the phone will have volunteered that data in the first place, I just
> want to be able to check that it is that actual phone that is logging
> on,
There are alternative, better ways for authorizing the user.
> this data is available throught HTTP Headers from the phone.
No, it isn't. And even if it were, do you realize how easy it is to open
pages with php and write custom headers. Say I want to hack in your
system. Fine, I'll just open a socket with fsockopen, write the headers,
insert your phone number in the headers and chi-ching, you're pwend.
Secure? I don't think so, Tim.
> I do agree with you on the privacy issue.
Then you'll understand why it isn't in the headers. What makes you think
it would be?
If you don't believe me, just echo the entire header to see for
yourself. <?php print_r(getallheaders()); ?> If the phone number was
there, please let me know...
--
Rami.Elomaa@gmail.com
"Wikipedia on vähän niinq internetin raamattu, kukaan ei pohjimmiltaan
usko siihen ja kukaan ei tiedä mikä pitää paikkansa." -- z00ze
Navigation:
[Reply to this message]
|