RE: Re: security question...??

jason...

it's the 2nd point... the hacked app that i'm concerned/thinking about...

as i stated, a secure app/system incorporates not just the system, and the
wire, it also deals with the client app that's being used.

and in fact, i'm of the belief that the manufacturers/developers of a given
app could in fact provide some function on their servers that you could
check against to verify that the browser/app in question is indeed
legitimate...

as to the details, i'm not exactly sure how it could be accomplished, but
i'm pretty sure it could be done...

i'm not trying to stop someone from copying an app... i just want to know
that the version of IE that i'm talking to is indeed a good/not hacked
copy...

-bruce


-----Original Message-----
From: Jason Barnett [mailto:jason.barnett@xxxxxxxxxxxxx]
Sent: Monday, June 20, 2005 10:05 AM
To: php-general@xxxxxxxxxxxxx
Subject:  Re: security question...??


bruce wrote:
> hi...
>
> a number of you write apache/web/server apps that deal with secure
> information.. in doing some research it occurred to me that a potential weak
> link is on the client side, regarding the browser? how many of you actually
> attempt to verify that the browser being used by the client is indeed a
> legitimate (non-hacked) browser??
>
> or is there even a way to do this?
>
> or should i just go back to sleep..??
>
> thanks
>
> -bruce
> bedouglas@xxxxxxxxxxxxx

Quite frankly I don't see how you are going to do this.  The only thing
I know of that might indicate the version / type of browser that is
being used is the User Agent string, but it's not hard for this to be
forged.  So you could very well be dealing with an IE user that has a
Mozilla Fire(fox|bird|????) User Agent string.

More to the point: are you concerned that someone is using an unpatched
browser that has holes, or are you concerned that someone is using a
binary that has been hacked to pieces and rebuilt to look just like a
normal browser?  Because I really, REALLY don't think there would be a
way to test for the second problem.  What do you look for?  How in the
world do you find it?

--
NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
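
Jason's point about the User Agent string, shown as an added example that is not part of the original thread: a local test server records the header while one and the same Python client claims to be two different browsers. The handler, the function name and the sample strings are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

seen = []  # User-Agent values exactly as the server received them


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # This header is the only "browser identity" the server ever gets,
        # and it is ordinary client-supplied input.
        seen.append(self.headers.get("User-Agent", ""))
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def claimed_browsers(user_agents):
    """Send one request per User-Agent string from the same Python client
    and return what the server recorded for each request."""
    seen.clear()
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        for ua in user_agents:
            conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
            conn.request("GET", "/", headers={"User-Agent": ua})
            conn.getresponse().read()
            conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return list(seen)


# Constructed sample values in the style of 2005-era browsers.
SAMPLE_UAS = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) "
    "Gecko/20050511 Firefox/1.0.4",
]

if __name__ == "__main__":
    for ua in claimed_browsers(SAMPLE_UAS):
        print("server saw:", ua)
```

The server logs both browser names although neither browser was involved, so the header is usable for compatibility hints or statistics but not as evidence of which binary is on the other end.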


