See. http://slashdot.org/articles/01/03/20/1423223.shtml
On Fri, Nov 16, 2001 at 12:13:48PM -0500, Stephen Adkins wrote: > > FYI. > > This is true as a rule, that HTTP_USER_AGENT only identifies the > browser type, without a serial number. > > Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC) > Mozilla/4.0 (compatible; MSIE 5.0; MSNIA; AOL 4.0; Windows 98; DigExt) > Mozilla/4.0 (compatible; MSIE 5.0; Windows 3.1) > Mozilla/4.0 (compatible; MSIE 5.0; Windows 95) > Mozilla/4.0 (compatible; MSIE 5.0; Windows 95) Opera 5.0 [en] > > However, I have seen in my web log the following user agents > > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::00000510028001e002800140000000000506000800000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::00002110028001e0025c00ea000000000503002a00000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::00002110028001e0027a0129000000000505000b00000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::0000211003200258024b015f000000000505000b00000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::000041100320025800c001b2000000000505000b00000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::000041100320025800c001b6000000000505000b00000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::000041100320025801f3018f000000000505000b00000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::000041100320025802940113000000000502000800000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::000041100320025803170186000000000505000b00000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::0000411003200258031a018e000000000505000b00000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::0000411003200258031c019c000000000506000800000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::0000411003200258031e01aa000000000505000b00000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::0000411003200258032001b3000000000506000800000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::000041100400030003df0204000000000506000800000000 > Mozilla/4.0 (compatible; MSIE 5.0; Windows > 95)::ELNSB50::000081100320025802f90178000000000505000b00000000 > > This indicates to me that some vendors who distribute MSIE 5.0 > on their PC's include some sort of ID in the HTTP_USER_AGENT > that the browser reports. (!?!) (privacy advocates beware!) > > Stephen > > > At 10:46 AM 11/16/2001 -0600, Joe Breeden wrote: > >The HTTP_USER_AGENT doesn't identify unique users. It only identifies the > >browser type/version (assuming it hasn't been messed with). > > > > > >--Joe Breeden > >--------------------------------------- > >If it compiles - Ship It! > >Aranea Texo > > > >> -----Original Message----- > >> From: Jon Robison [mailto:[EMAIL PROTECTED]] > >> Sent: Friday, November 16, 2001 10:40 AM > >> To: [EMAIL PROTECTED] > >> Cc: Jonathan E. Paton; [EMAIL PROTECTED] > >> Subject: Re: Doing Authorization using mod_perl from a programmers > >> perspective > >> > >> > >> fliptop wrote: > >> > > >> > Jon Robison wrote: > >> > > > >> > > The most relevant section for you is the Ticket system he > >> describes. (I > >> > > believe the section header says something about Cookies, > >> but you'll know > >> > > you have the right one when you see TicketAccess.pm, > >> TicketTools.pm, and > >> > > TicketMaster.pm. One nice addition is the ability to add > >> encryption to > >> > > the Ticket, and the fact that the author used an MD5 hash > >> (of an MD5 > >> > > hash!) in the cookie, so verification of the authenticity > >> of the user is > >> > > pretty solid so long as you leave in things like ip > >> address, etc. which > >> > > he uses in the cookie by default. (Although AOL and some > >> proxy systems > >> > > might cause this to be trouble). AND, he also uses a > >> mysql db for the > >> > > >> > i have found that using the HTTP_USER_AGENT environment > >> variable instead > >> > of ip address solves the problem with proxy servers and the > >> md5 hash. > >> > anyone ever tried this as a simple workaround? > >> > >> I think one problem with that is that is fails to uniquely > >> identify the > >> person. > >> > >> Someone please tell me if I am wrong - does the USER_AGENT field get > >> some kind of special serial number from the browser, or is it just a > >> version identified? > >> > >> Best example - large company with 1000 PC's, all with same Netscape > >> installed. How then does the HTTP_USER_AGENT field deliniate between > >> PC's? > >> > >> --Jon > >> > > > > >
