2007. 11. 17, szombat keltezéssel 23.15-kor Stut ezt írta: > admin@xxxxxxxxxxxxxxxxxxx wrote: > > WHY! Would you even want to pull that data first off? > > It would be out dated as of the next transaction anyway. > > Secondly if you can curl the data from the server, and get your account > > information! I suggest you change banks. > > With that attitude you'll end up keeping your money under your bed. > Anything my browser can do curl can do. hmm, my bank won't let me access my account with only a browser. it uses some additional authentication, either by sms or by card reader. greets Zoltán Németh > > > Bad decision I think to make this attempt. > > Why? If Ronald decides to access *his* account using a method other than > a browser, what is he doing wrong? The only downside to it is if he's > storing his authentication credentials somewhere so it can be an > automated process. Aside from that possibility I don't see the bad here. > > > You can bet I will be watching your networks for an attempt on > > authentication failures. > > Because that request does not sound RIGHT to me. > > > > inetnum: 59.124.0.0 - 59.127.255.255 > > netname: HINET-NET > > country: TW > > descr: CHTD, Chunghwa Telecom Co.,Ltd. > > descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. > > descr: Taipei Taiwan 100 > > > > > > Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) > > 216.65.0.0 - 216.65.127.255 > > Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) > > 216.65.86.0 - 216.65.86.255 > > Wow. Look everyone, he knows how to look up the owner of an IP address. > Phear his mad sysadmin skillz! > > Seriously, I highly doubt Ronald is going to try anything against your > systems. Just curious about something... what would you do if he did try > something? Call your mother and have a little cry? > > > -----Original Message----- > > From: Ronald Wiplinger [mailto:ronald@xxxxxxxxx] > > Sent: Friday, November 16, 2007 11:38 PM > > To: PHP General list > > Subject: bank query and curl > > > > I have a bank account and would like to query the last transactions. > > > > I can do that now via web and think that I can convert this procedure to > > a list of curl requests and finally put the result into a database on my > > server. > > Fortunately this bank account does not allow transactions, just viewing > > the account. > > > > Is there a guide available how to start this project? > > I would suggest the curl documentation. In order to duplicate what a > browser does you basically just need to make sure you persist cookies > between requests. Depending on what the site you're accessing does it > may not be particularly trivial to do this. You may end up needing to > parse each page that's returned to get the right URL to use for the next > request, but it shouldn't get any more complicated than that. > > As I mentioned above I would strongly recommend that you do not store > your authentication credentials anywhere. If you need this to be an > automated system don't bother - it's not worth the risk. > > Oh, and don't underestimate the damage that can be caused by someone > gaining access to this account. Just because you can't carry out > transactions through the site doesn't mean the information it gives you > access to can't be used for evil purposes. > > One last thing... you may find yourself getting blocked from the banks > site if you make too many failed requests. You may want to pick another > site while you learn how curl works. > > -Stut > > -- > http://stut.net/ > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
