cookies. cookies. COOKIES. For god sake just listen to somebody. The only way to achieve what you want is to send data to the client and get them to send it back. That's a cookie. What you're looking for is exactly what Google Analytics does, which I mentioned early yesterday. Hit vs. Unique visitors, they even have a graph to show you this exact statistic.
Regarding this little gem: "Then it becomes impossible to know if a page REALLY exists or if my emails are going where intended, or coming from where stated... so am I to assume that traffic addressing in general has FAILED?". No, like I said you cannot be sure of where traffic is coming from or who is getting it with IP, TCP, or HTTP. That's exactly right. In general, we can take it for granted that messages most likely go where intended and most likely come from where they claim to, but this is definitely open to attack and require stronger protocols if you absolutely need to be sure of it. When you search Google, you can feel pretty confident that the results really come from Google because nobody has much to gain by sneaking in their own results. When you connect to your bank's website, it's a much different story and you shouldn't take anything for granted: you need additional protection outside of these three protocols. TLS and SSL use cryptographic techniques to authenticate end points in the communication and to encrypt and sign the data being transmitted so that you can verify it was not tampered with along the way. If you want more information on how to use cookies for what you're doing, I'd be happy to help, and we can probably take the discussion off-list. If you're not willing to use cookies, you can encode it in the URL, and I can help you with that as well. But either way, you are relying on the user to send the information back in tact. If you can't trust your end users to do that and it's important that you know for sure, you will need TLS or SSL. I can hep you get started with these, but there are others on this list with much more knowledge on the subject than myself. -Brian On Wed, Nov 11, 2009 at 4:28 PM, Stephen Love <stephenl...@juno.com> wrote: > > Hmmm... somewhat new to the inner details... all I know is what I research > on my own... have not had a book-learning course on this... but TLS... what > is that? AND... I simply want a list of source identifiers of incoming > requests so that I can check each new one for duplicate incoming source... > just a HITS vs UNIQUE VISITORS. I want NOTHING MORE. I can do add'l tracking > based on time, date, etc, on my own. Just site usage statistics. > > See us online at http://www.LOVEnCompany.com. > > ---------- Original Message ---------- > From: Brian Mearns <mearn...@gmail.com> > To: users@httpd.apache.org > Subject: Re: [us...@httpd] > Date: Tue, 10 Nov 2009 22:34:24 -0500 > > On Tue, Nov 10, 2009 at 6:37 PM, Eric Covener <cove...@gmail.com> wrote: >> On Tue, Nov 10, 2009 at 6:20 PM, Stephen Love <stephenl...@juno.com> >> wrote: >>> So what you are telling me is that there IS no REAL 2-way handshaking >>> going >>> on. Then we've lost ALL hope of security. >>> >> >> What's "REAL" in this context? It's not authenticated and doesn't >> result in some session establishment unless you configure your >> application to require/manage such a thing? >> >> -- >> Eric Covener >> cove...@gmail.com > [clip] > > Yes, why don't you tell us exactly what you want to do, what's your > end goal? Visitor stats? Geographic locating? Authentication of a > real-world identity? There's a lot of very bright and very > knowledgeable people on this list, so if there's any way at all to do > what you want, then there is a very good chance that somebody here > will be able to tell you. It just might not be done the way you think > it should be. > > As many of us have said, TCP is an end to end protocol. And in fact, > it is stateful, so you can send messages back and forth between the > two end points for as long as the connection is open. There is a > handshake that goes on between the two end points to setup this > connection, but this is not any sort of real authentication process > that confirms the identity of either end. What TCP gets you is pretty > good confidence that you are talking to the same person you were when > you started the conversation, but even that confidence is really only > upheld in the absence of active attacks like IP spoofing, and it > provides absolutely no confidence that there aren't other people > listening to the conversation, and potentially even participating in > the conversation. > > If you're looking for security: like making sure no one else is > listening to the conversation, no one else is modifying the > conversation data, and or making sure that the person on the other end > is who they claim to be...then you're going to need a much more > sophisticated protocol than TCP, IP, or HTTP. SSL/TLS provides all > these things, with the latest TLS version believed to be quite secure > with current technologies and techniques. HTTPS layers HTTP over a > secure SSL or TLS connection, and is available in Apache with mod_ssl. > > Your comment that "we've lost ALL hope of security" is quite accurate > with regards to HTTP, TCP, and IP alone. These protocols were really > not designed with any attention to security as security wasn't really > an acknowledged concern at the time they were created. Thus we have > add on protocols like SSL and TLS. > > Anyway, back to my point: tell us what you're actually trying to do > and there's a good chance someone can help you, as long as you're > willing to let go of any preconceived notions on how to get the job > done (that's always the biggest stumbling block to learning something > new). > > Cheers, > -Brian > > -- > Feel free to contact me using PGP Encryption: > Key Id: 0x3AA70848 > Available from: http://keys.gnupg.net > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > ____________________________________________________________ > Pharmacy Assistant School > Earn a Pharmacy Technician Degree. Get free info and Apply Today! > -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
