FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Browser fingerprinting?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Browser fingerprinting? [message #182803 is a reply to message #182801] Sun, 15 September 2013 20:27 Go to previous messageGo to previous message
bill is currently offline  bill
Messages: 310
Registered: October 2010
Karma:
Senior Member
Path: textnews.cambrium.nl!feeder2.cambriumusenet.nl!feed.tweaknews.nl!212.27.60. 9.MISMATCH!feeder2-2.proxad.net!proxad.net!feeder1-2.proxad.net!usenet-fr.n et!gegeweb.org!aioe.org!.POSTED!not-for-mail
From: Twayne <nobody(at)spamcop(dot)net>
Newsgroups: comp.lang.php
Subject: Re: Browser fingerprinting?
Date: Sun, 15 Sep 2013 16:27:28 -0400
Organization: Aioe.org NNTP Server
Lines: 31
Message-ID: <l1557f$gfq$1(at)speranza(dot)aioe(dot)org>
References: <9sd439tbmqhqgqice5psd6nd3018rcr5v6(at)4ax(dot)com> <l0tvb5$2ot$1(at)dont-email(dot)me> <f4f539loti3ds3elv7s5qifjnv3o9ham1k(at)4ax(dot)com> <l1076e$a9s$1(at)speranza(dot)aioe(dot)org> <vmn939pmm184ciferi83kb1gbklgv370l4(at)4ax(dot)com>
NNTP-Posting-Host: sxz+YiVX1xGhpfYRODJHIA.user.speranza.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse(at)aioe(dot)org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
X-Notice: Filtered by postfilter v. 0.8.2
Xref: textnews.cambrium.nl comp.lang.php:142314

On 2013-09-14 6:11 PM, Gilles wrote:
> On Fri, 13 Sep 2013 19:30:18 -0400, Twayne <nobody(at)spamcop(dot)net> wrote:
>> If it were easy to do, it'd also be widely publicized and available.
>
> Thanks for the feedback.
>

Welcome.
I'm empathetic because I'm working along the same research lines as you
are. The only thing I'm sure of is, it has to be done server-side;
anything client-side can weed out some of it and save a tiny bit of
server traffic, but from the client side it's too easy. Those guys won't
be allowing js on their machines so js isn't going to be much good.
Right now all I can see doing is sanitizing and especially
validation of ALL inputted data. There are ways to catch enough of them
that at least it becomes too much effort for the bad guys to bother
with. And never forget htmlentities and htmlspecialcharacters; along
with the right sanitizing, they can at least render anything that comes
through useless.
The biggest problem IMHO is to make a textarea safe. HTML 5 now
includes the max length attribute but a miscreant isn't going to be
using anything 5 compliant if he's got more than one brain cell.
Personally I've managed so far to avoid javascript and instead look at
things like ctype, str-replace for validation uses, and whatever filters
will work. Counting page views help, in addition to keeping a list of
miscreant IPs and their proxy information when you can get it, but the
smart ones are still going to be by it.
All you can do is your best :)

Twayne`
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: syntax error or notepad++ error?
Next Topic: Learing PHP, Javascript, and Python on the Cheap, Help!
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 07:49:07 GMT 2024

Total time taken to generate the page: 0.04935 seconds