Once upon a time Thursday 15 February 2007, Arthur Pemberton wrote: > On 2/15/07, R P Herrold <herrold owlriver com> wrote: > > On Thu, 15 Feb 2007, Dennis Gilmore wrote: > > > Did you look at the code like i asked last time ? IP's are > > > not collected. the data is transmitted by post so there is > > > is no way to tie a UUID to an ip > > > > ummm ... don't be silly -- it is trivial to associate an > > originating IP to a POST > > > > This test widget at http://www.herrold.com/post/ has this > > HTML code to the client: > > > > <form method="post"> > > Digits only please: <input type="text" name="acme"><br> > > <input type="submit" name="show" value="show"> > > </form> > > > > and reveals the REMOTE_ADDR quite readily. > > > > The source PHP may be viewed at: > > > > http://www.herrold.com/post/index.phps > > > > -- Russ Herrold > > I have to agree with this. Not that I think that this is specifically > a problem. But it was false to imply that an HTTP Post is immune to IP > harvesting. sure it could be done if smolt was coded to do so but if it was in a GET it would be in the logs.
Description: PGP signature