Posted by Eric B. Bednarz on 09/13/06 02:34

Harlan Messinger <hmessinger.removethis@comcast.net> writes:

> Jukka K. Korpela wrote:

>> then someone else can quite innocently follow a link and arrive at a
>> page without seeing any reference to any contract, as I wrote.
>
> And the company's web logs will show the the EULA was never requested
> by the user.

Oh. How?

> (It seems to me a hack is easily prevented, by inserting
> a random string into a hidden INPUT tag [ObHTML] and expecting to
> receive that same string from the same IP

If the form is available with different protocols, I would settle for
one particular. :)

> to which it was sent and/or
> from within the same user session.)

ISPs can assign a different address to every request of one particular
user. Or the other way round. But I agree that this sort of prevention
is easy to implement, just like identifying the browser with the
user-agent field.


--
||| hexadecimal EBB
o-o decimal 3771
--oOo--( )--oOo-- octal 7273
205 goodbye binary 111010111011

[Back to original message]