Re: [PHP] Can I prevent Server variables from being spoofed ? — PHP

You are here: Re: [PHP] Can I prevent Server variables from being spoofed ? « PHP « IT news, forums, messages

Posted by Rasmus Lerdorf on 05/20/05 23:14

Graham Anderson wrote:
> Can the server variable 'user agent' be modified/spoofed by the user?
>
> I have a bunch movies that I want to only open if the user agent
> contains Quicktime Player...
> In my case, if the user agent string contains Quicktime Player, a movie
> url is written for Quicktime to open....
> If the user agent contains a browser, I want php to deny access....not
> write the url for Quicktime to read
>
> is is possible for a script kiddie to spoof user agent server variables
> to fool the server ?

Of course. Some browsers, like Opera, even have a preferences thing
where you can type in whatever user agent string you want. But even
without that it is a trivial thing to spoof. Anything that comes across
the wire to you can be spoofed. This includes the Host: header, the
Referer: header, the User-Agent, cookies, whatever.

-Rasmus

Navigation:

Next in forum: Re: [PHP] Can I prevent Server variables from being spoofed ?
Prev in forum: Re: [PHP] Can I prevent Server variables from being spoofed ?
Thread view: Re: [PHP] Can I prevent Server variables from being spoofed ?

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация