[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Smolt: firsboot revisited



On 2/15/07, R P Herrold <herrold owlriver com> wrote:
On Thu, 15 Feb 2007, Dennis Gilmore wrote:

> Did you look at the code like i asked last time ?  IP's are
> not collected. the data is transmitted by post so there is
> is no way to tie a UUID to an ip

ummm ... don't be silly -- it is trivial to associate an
originating IP to a POST

This test widget at http://www.herrold.com/post/ has this
HTML code to the client:

<form method="post">
Digits only please: <input type="text" name="acme"><br>
<input type="submit" name="show" value="show">
</form>

and reveals the REMOTE_ADDR quite readily.

The source PHP may be viewed at:

http://www.herrold.com/post/index.phps

-- Russ Herrold

I have to agree with this. Not that I think that this is specifically
a problem. But it was false to imply that an HTTP Post is immune to IP
harvesting.
--
Fedora Core 6 and proud


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]