Re: [PHP] How secure is this?
Yo, tedd... [David Tulloh] Your example fails for me, Firefox and Mozilla. The rpc.php file doesn't seem to return anything. [/David Tulloh] ...it does the same for me... ok, on that way a bot will never get your mail-adr... ;) [David Tulloh] To answer your question though, a bot is capable of getting anything that a human can, probably more. It's all a question of effort. As the email scrapers get plenty of hits looking for standard email addresses, they don't put much effort into getting addresses from people who try to hide them (people who hide them are also less likely to fall for spam). In the current environment, I don't think any bot is going to bother running javascript, so any obstuftication using javascript should be safe. [/David Tulloh] I have to agree, even the image-method isn't that save anymore nowadays and it is definetly not recommended by accessibility guidelines ! (see CAPTCHA and related)... bb Björn Bartels -Development/IT-Services- -- dbusiness.de gmbh digital business printing gmbh Greifswalder Str. 152 D-10409 Berlin Fon: [0.30] 4.21.19.95 Fax: [0.30] 4.21.19.74 www.dbusiness.de [EMAIL PROTECTED] ftp://dbusiness.dyndns.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How secure is this?
Björn, and David said: Yo, tedd... [David Tulloh] Your example fails for me, Firefox and Mozilla. The rpc.php file doesn't seem to return anything. [/David Tulloh] ...it does the same for me... ok, on that way a bot will never get your mail-adr... ;) LOL Björn David: The current site renders in Safari, but I failed to check it in BrowserCam for other browsers. The rcp code checks to see where the request is coming from before doing anything. I'm trying to protect from a directory traversal attack by using: if(isset($_SERVER['HTTP_REFERER'])) but apparently, browsers treat that differently -- I didn't know that. I feel like I'm beating a dead horse that wouldn't pull a wagon anyway, but at least it has been a learning experience for me. Thanks for your review and effort. tedd -- http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How secure is this?
On 2/22/06, tedd [EMAIL PROTECTED] wrote: PS: This site works for: Opera 8.5+, Safari, Netscape 7.2+, Mozillia 1.6+, FireFox 1.0.7+, Konqueror 3.4.0+, and IE 5+ (except Mac) Doesn't work for me firefox 1.0.3 on fedora core 3. FYI, javascript consoles outputs: Error: document.getElementById(update[0]) has no properties Source File: http://www.xn--ovg.com/aja/test.js Line: 35 Cheers Matt
[PHP] How secure is this?
Hi gang: A few days ago I posted my first attempt ajax. I posed the question Could a bot find my email address contained within the code? There was some discussion, but I wasn't sure as to what the decision was, so I made another example, which can be found at: http://www.xn--ovg.com/aja How secure is this from bots? Could a bot (or anyone) get to my email address via the code? Of course, you can read my email address by looking at the site, but I think I've hidden the code well enough from bots -- am I wrong? And if so, how would a bot, or anyone for that matter, find it? Thanks for looking and any suggestions you may have. tedd PS: This site works for: Opera 8.5+, Safari, Netscape 7.2+, Mozillia 1.6+, FireFox 1.0.7+, Konqueror 3.4.0+, and IE 5+ (except Mac) -- http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How secure is this?
Hi tedd... is this enough... : http://www.xn--ovg.com/aja/rpc.php?action=start in my opinion, an img src=crt_eml_btn.php onclick=contact() is a handy way... cheers bb Hi gang: A few days ago I posted my first attempt ajax. I posed the question Could a bot find my email address contained within the code? There was some discussion, but I wasn't sure as to what the decision was, so I made another example, which can be found at: http://www.xn--ovg.com/aja How secure is this from bots? Could a bot (or anyone) get to my email address via the code? Of course, you can read my email address by looking at the site, but I think I've hidden the code well enough from bots -- am I wrong? And if so, how would a bot, or anyone for that matter, find it? Thanks for looking and any suggestions you may have. tedd PS: This site works for: Opera 8.5+, Safari, Netscape 7.2+, Mozillia 1.6+, FireFox 1.0.7+, Konqueror 3.4.0+, and IE 5+ (except Mac) -- http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Björn Bartels -Development/IT-Services- -- dbusiness.de gmbh digital business printing gmbh Greifswalder Str. 152 D-10409 Berlin Fon: [0.30] 4.21.19.95 Fax: [0.30] 4.21.19.74 www.dbusiness.de [EMAIL PROTECTED] ftp://dbusiness.dyndns.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How secure is this?
Your example fails for me, Firefox and Mozilla. The rpc.php file doesn't seem to return anything. To answer your question though, a bot is capable of getting anything that a human can, probably more. It's all a question of effort. As the email scrapers get plenty of hits looking for standard email addresses, they don't put much effort into getting addresses from people who try to hide them (people who hide them are also less likely to fall for spam). In the current environment, I don't think any bot is going to bother running javascript, so any obstuftication using javascript should be safe. David tedd wrote: Hi gang: A few days ago I posted my first attempt ajax. I posed the question Could a bot find my email address contained within the code? There was some discussion, but I wasn't sure as to what the decision was, so I made another example, which can be found at: http://www.xn--ovg.com/aja How secure is this from bots? Could a bot (or anyone) get to my email address via the code? Of course, you can read my email address by looking at the site, but I think I've hidden the code well enough from bots -- am I wrong? And if so, how would a bot, or anyone for that matter, find it? Thanks for looking and any suggestions you may have. tedd PS: This site works for: Opera 8.5+, Safari, Netscape 7.2+, Mozillia 1.6+, FireFox 1.0.7+, Konqueror 3.4.0+, and IE 5+ (except Mac) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php