Hotbar is a site that allows the user to place skins on IE. More
information can be found at http://hotbar.com/.
The other version I am not sure about.
-Original Message-
From: Ciliotta, Mario [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 19, 2002 1:43 PM
To: CF-Talk
Subject: Bro
> Can anyone tell me exactly what browser these people are
> using to access my site:
>
> "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Hotbar
> 4.1.2.0)" --- What is Hotbar4.1.2.0?
>
> "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; T312461)"
> What is T312461?
>
> I am
>>(Making this up as I go along)
>Instead of making it up as you go along (generally not a good security
>practice,
oh boy, I'm hooped. That was my life mantra.
>they could be summarized as "don't trust data from the browser,
>only accept the data that can legitimately be provided by the user,
>
> Then that's crazy! How do i protect my apps??? 3rd party
> software? Heh
Simple - don't put them on the web
Philip Arnold
Technical Director
Certified ColdFusion Developer
ASP Multimedia Limited
Switchboard: +44 (0)20 8680 8099
Fax: +44 (0)20 8686 7911
www.aspmedia.co.uk
www.aspevents.net
> you may want to check the "referring page" on the page
> catching the form. to make sure it is coming from where
> you expect it to.
This isn't especially effective, as the browser provides this information -
and it's just as easy to change as any other information from the browser.
> ..or y
Browser? Who needs one? Real coders just telnet to port 80. HELO... HELO...
__
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail
from: Phoeun Pha <[EMAIL PROTECTED]>
> Then that's crazy! How do i protect my apps??? 3rd party software? heh
You determine the level of risk versus the level of effort to protect
your applications.
Then you invest the time, energy, effort, etc. into protecting the pieces
which contain the h
decode the ticket to validate the
submission.
(Making this up as I go along)
HTH
Eric
From: Craig Dudley <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: CF-Talk <[EMAIL PROTECTED]>
Subject: RE: Browser Question
Date: Tue, 25 Jun 2002 15:58:45 +0100
Yes it is, hackers sometimes do
> Then that's crazy! How do i protect my apps??? 3rd party
> software?
You write your apps so that they validate all data sent from the browser -
so that your apps don't just trust the data from the browser. That's part of
what it means to be a good CGI programmer.
Dave Watts, CTO, Fig Leaf Sof
> but doesn't that mean open source browsers are prime
> hacking tool?
No. There's nothing you need to do to the browser itself. Internet Explorer
will work fine for all of this. Any browser simply sends text to a remote
server. You can easily read that text, and manipulate it. It simply require
ECTED]
Yahoo IM : morpheus
"My ally is the Force, and a powerful ally it is." - Yoda
> -Original Message-
> From: Cameron Childress [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 25, 2002 11:00 AM
> To: CF-Talk
> Subject: RE: Browser Question
>
>
> Progr
:[EMAIL PROTECTED]]
> Sent: Tuesday, June 25, 2002 10:00 AM
> To: CF-Talk
> Subject: RE: Browser Question
>
>
> Programatically - using Javascript - yes. Most any JS book will cover
> several
> ways to do this...
>
>
>
> -Cameron
>
>
>
>
ROTECTED]]
> Sent: Tuesday, June 25, 2002 9:59 AM
> To: CF-Talk
> Subject: RE: Browser Question
>
>
> Yes it is, hackers sometimes do this.
>
>
> -Original Message-
> From: Phoeun Pha [mailto:[EMAIL PROTECTED]]
> Sent: 25 June 2002 15:53
> To: CF-Talk
>
It would be even easier for someone to create there own script with
name/value pairs and submit to the server.
On Tue, 25 Jun 2002, Craig Dudley wrote:
> Yes it is, hackers sometimes do this.
>
>
> -Original Message-
> From: Phoeun Pha [mailto:[EMAIL PROTECTED]]
> Sent: 25 June 2002 15:
Then that's crazy! How do i protect my apps??? 3rd party software? heh
-Original Message-
From: Cameron Childress [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 10:00 AM
To: CF-Talk
Subject: RE: Browser Question
Programatically - using Javascript - yes. Most any JS
> When you are on the web and putting information onto a
> form, and press submit, your browser sends information
> to the server. Is it possible to know what exactly your
> browser is sending?
Yes, it's pretty easy to find out what your browser is sending. The easiest
way is to use a record
but doesn't that mean open source browsers are prime hacking tool?
-Original Message-
From: Craig Dudley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 9:59 AM
To: CF-Talk
Subject: RE: Browser Question
Yes it is, hackers sometimes do this.
-Original Message-
Programatically - using Javascript - yes. Most any JS book will cover several
ways to do this...
-Cameron
-
Cameron Childress
Sumo Consulting Inc.
---
cell: 678-637-5072
aim: cameroncf
email: [EMAIL PROTECTED]
> -Original Message-
> From: Phoeun Pha [m
Phoeun Pha wrote:
> Hey guys, any insight on this.
>
> When you are on the web and putting information onto a form, and press
> submit, your browser sends information to the server. Is it possible to
> know what exactly your browser is sending? I mean would it be possible to
> manipulate ex
Yes it is, hackers sometimes do this.
-Original Message-
From: Phoeun Pha [mailto:[EMAIL PROTECTED]]
Sent: 25 June 2002 15:53
To: CF-Talk
Subject: Browser Question
Hey guys, any insight on this.
When you are on the web and putting information onto a form, and press
submit, your br
20 matches
Mail list logo