* "bruce" <bedouglas@xxxxxxxxxxxxx>: > a number of you write apache/web/server apps that deal with secure > information.. in doing some research it occured to me that a potential weak > link is on the client side, regarding the browser? how many of you actually > attempt to verify that the browser being used by the client is indeed a > legitimate (non-hacked) browser?? > > or is there even a way to do this? > > or should i just go back to sleep..?? What's the point? The reason I ask is that (1) it shouldn't matter HOW the HTTP request is initiated. What *should* matter is that the page handles the request gracefully and returns something (HTTP headers only, or headers + page) as a result. The request is simply a TCP transmission, nothing more, nothing less. (2) What is done with the page once received by the client shouldn't be an issue, either. Browsers may render the page however they choose; HTML is meant to give hints as to how to perform layout, but in the end, it's just a huge string. Is there some specific issue you're thinking about? -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association | http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:matthew@xxxxxxxxxx | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php