[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Smolt: firsboot revisited



Once upon a time Thursday 15 February 2007, Arthur Pemberton wrote:
> On 2/15/07, R P Herrold <herrold owlriver com> wrote:
> > On Thu, 15 Feb 2007, Dennis Gilmore wrote:
> > > Did you look at the code like i asked last time ?  IP's are
> > > not collected. the data is transmitted by post so there is
> > > is no way to tie a UUID to an ip
> >
> > ummm ... don't be silly -- it is trivial to associate an
> > originating IP to a POST
> >
> > This test widget at http://www.herrold.com/post/ has this
> > HTML code to the client:
> >
> > <form method="post">
> > Digits only please: <input type="text" name="acme"><br>
> > <input type="submit" name="show" value="show">
> > </form>
> >
> > and reveals the REMOTE_ADDR quite readily.
> >
> > The source PHP may be viewed at:
> >
> > http://www.herrold.com/post/index.phps
> >
> > -- Russ Herrold
>
> I have to agree with this. Not that I think that this is specifically
> a problem. But it was false to imply that an HTTP Post is immune to IP
> harvesting.
sure it could be done  if smolt was coded to do so  but if it was in a GET  it 
would be in the logs.



Attachment: pgpe6bBlUJ9OP.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]