browser security?

blinux-mail at AegisInfoSys.com blinux-mail at AegisInfoSys.com
Fri Oct 7 06:51:03 UTC 2011 

There is no overt way that a site can tell what visitor is accessing it.
The normal communications protocol says that a browser should tell the
site what kind of browser it is when first contacting the site.  This
is not required, so a browser could tell the site something else, or
even nothing at all.

The protocol identifier for this is called the "User-Agent:" header.
The parameter in lynx to set this is "-useragent=whatever".
For instance, to browse to a site using lynx while "pretending" to
be an old version of firefox:

  lynx -useragent='Mozilla/4.79 [en] (X11; U; Linux 2.4.18-3 i686; Nav)' http://whatever.com

On Thu, Oct 06, 2011 at 19:13:39PM -0400, Karen Lewellen wrote:
> Just found this.
> Hang a second, most browser s can   be configured so the site thinks it is 
> something else?
> I knew ebrowse had this ability, but did not think others did
> I am very curious how this might impact  functionality,  what does one do 
> to accomplish this marvel?
> Karen
> On Thu, 8 Sep 2011, Henry Yen wrote:
> 
> >On Wed, Sep 07, 2011 at 18:01:03PM -0400, Karen Lewellen wrote:
> >>The other question is if anyone can point me to something  of an article
> >>nature regarding  open-source browsers and security?
> >
> >Most browsers, whether open-source or not, are mostly the same in this
> >regard (over time).
> >
> >>I am finding that companies will know simply block access to anything but
> >>ie or if you are lucky firefox, with the claim that the browsers suggested
> >>for Ada / section 508 /  w3c type access are a security risk.  Never mind
> >>what barriers this creates for using the site services.  they are starting
> >>to do it as well with earlier editions of ie, so soon that door will be
> >>closed as well.
> >
> >Most browsers, including lynx the text browser, can be configured to report
> >their identity as a different browser.  It's virtually impossible for a
> >website to identify a browser other than by simply asking it, so if I
> >configure my lynx session to report that it's opera, the website will
> >dutifully believe it.

-- 
Henry Yen                                       Aegis Information Systems, Inc.
Senior Systems Programmer                       Hicksville, New York

More information about the Blinux-list mailing list