> A 99% solution is what I strive to get, between javascript > and CSS incompatibilty's between browsers, all kinds of HTML, > table and form tags looking different between systems, and > everything else which breaks design compatibility between the > two, the programming side, having the IP check is great, with > referer check the original user and the hacker who gets there > SID just have both be runnign IE if it was a browser check, > I'm willing to live with the possibility that someone could > lose there session (though it hasn't happened yet) and if it > does maybe we'll look at a different way to do it.
Just to bring up your browser/referrer checks, have you seen this in your weblogs? "Field blocked by Outpost (http://www.agnitum.com)" That's the referrer (HTTP_REFERER) field. :) Another popular product (Norton Internet Security) will block HTTP_REFERER by default also. (It also has the ability to block the browser agent, but it's not on by default) I've seen others that change HTTP_REFERER into HTTP_WEFERER and hash the data so you can't see what it was originally. I'm not sure which product does this. Jaime Bozza -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php