On Friday 10 October 2003 02:23 pm, HaywireMac wrote: > > That depends on your pages. If you use a CGI method, each page that > > can be reached via URL must be CGI based. If you use a PHP method, > > the same holds true. If you mix html, dhtml, CGI, etc. it is not a > > simple cut and paste function. > > Well there, the site linked above seems to differ with you. The claim is > that it is impossible to bypass (unless you spoof the browser ID or go > through a proxy, etc.) > > Quote: > > " It has the added advantage that it doesn't require CGI execution or > redirection, and can't be circumvented by knowing the URL for the "real" > page. It's pretty simple, actually. Place this code at or near the top > of your code, before any output has occurred."
No, actually, I suspect that they are confirming what I said. They assume that all of your pages are PHP and that you include the detection mechanism on all pages. If you were running something like post-nuke or nuke, or another PHP type of content management system, you could simply add the code to a template and it would automatically be placed on every page that was pulled from that template. Since all pages are created from the same template and generated dynamically, the code would be on all pages. If you had both HTML as well as PHP pages and I had the URL to one of the HTML pages, I could bypass the code, correct? > All of my pages are .php, so this is the method I'll try. Anyhow, we'll > see how it goes, I have Wine installed and IE so I can test it. > > > The fact is that if I can load a page without loading the specific > > redirect code that you created, I can bypass the detection. Also, if > > I use a proxy server that doesn't pass a browser id header, I can > > bypass the redirect. If you are trying to lock out a specific > > browser, it is easier to bypass than if you only accepted a particular > > one. Without a browser header, the default behavior is probably to > > display the normal page. With most detection mechanisms, the default > > is to not display unless the browser identifies itself as a certain > > type. Even that can be spoofed, although not trivially with IE. > > I'm not lookin' fer a 100% blockade, I'll be happy if even 1 or 2 people > get the message, esp. considering the pathetic level of traffic my site > generates. > > Even if just a few people did this kind of thing, it could catch on and > generate quite a stir, IMHO. Not so much, as I say, to make it > *impossible*, but very difficult to ignore, knowwhatimsayin'? Well, I probably disagree with what you are doing having the result you intend. There is no point in attempting to get anyone to abandon IE at this point. MS has already announced that 6.0 will be the last standalone version of IE. All future versions will only be available as an integrated part of the Windows OS. So, within a few years, we will see people moving away from IE if they want to continue to move forward with technology but still keep running their old OS, be it windows or otherwise. People who move to the new versions of Windows are likely not to have any choice since MS plans to close down the OS to outside development as soon as the Palladium stuff gets going. I suspect that third-party applications will only be approved if they do not directly compete with internal MS applications and browsers do. Given that, it is inevitable that Opera, Mozilla and others will be the de-facto standards for browsers and IE will only maintain what marketshare they get from the OS itself. -- Bryan Phinney Software Test Engineer
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com