----- Original Message ----- From: Stuart <stuttle@xxxxxxxxx> To: R B <rbpphp@xxxxxxxxx> Cc: PHP List <php-general@xxxxxxxxxxxxx> Date: Mon, 26 Jan 2009 19:53:17 +0000 Subject: Re: Non-traditional software accessing my website > 2009/1/26 R B <rbpphp@xxxxxxxxx>: > > Is there a way to be sure that a website is going to be accessed only by > > traditional browsers and not from another > > software that send to the server the same headers of any of the traditional > > browsers? > > For example, supose that i only want to give access to my site users from > > firefox, ie, chrome and safari, because > > i know that the users can´t download the copyright information of the > > website to the temporary files with anyone > > of this browsers. > > > > How can i be sure that someone that develop a mini-browser or a software > > can´t access my site sending the same > > header information of traditional browsers? > > > > In this case, the validation of HTTP_USER_AGENT isn´t a solution. > > As Rob has so eloquently said, you can't. Might I suggest you address > the problem you've created, that of viewing the copyright info, rather > than trying to control what people do with your publicly accessible > site, which is a battle you can't win. > > -Stuart > Stuart's right.. if your big issue is not allowing people to make their own copy of the material, then the issue is bigger than restricting access to just certain browsers. I'm not sure how you're keeping people from 'stealing' the data with IE, FF, etc, but chances are.. it's hardly a complete protection. Just doing things like disabling right-click, or text selection or something, isn't going to offer complete protection. Then, the issue you're asking about specifically, you have an issue of someone using wget or something to just download a copy of the page. Since a browser downloads copies of the content to display it, you have to allow download for people to view your page. The only real way you're going to protect copyrighted material is to use something fairly complex like making the users view the content via a java or flash app, so they're not really storing the data in a conveniently 'stealable' way. Then again, if it's images/video.. there are plenty of programs for capturing that data. Going back to your question, though... "How do I prevent people from accessing my content if they're not using an approved browser..", there's not much you can do from PHP, but you may be able to use Javascript to get a 'fingerprint' of the browser and try to determine if it's a proper browser by querying JS objects to see if they're supported. Something like wget isn't going to support JS (or not much.. I don' believe it does though.. cookies, yes, js no.. correct me if I'm wrong though). Other browsers that may spoof the user agent to fool you, may have other characteristics that reveal that they're not an approved browser. But that would be a huge pain in the ass and not likely to restrict all the browsers you don't want accessing the site. If you want an example of what JS and such can determine about your browser, check out BrowserHawk's site: http://www.cyscape.com/showbrow.aspx Anyway, just some stuff to think about. I wouldn't say absolutely "you can't", but the techncial aspects of what you're asking are severely prohibitive. -TG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
