Smolt: firsboot revisited
Dennis Gilmore
dennis at ausil.us
Fri Feb 16 04:56:01 UTC 2007
Once upon a time Thursday 15 February 2007, Arthur Pemberton wrote:
> On 2/15/07, R P Herrold <herrold at owlriver.com> wrote:
> > On Thu, 15 Feb 2007, Dennis Gilmore wrote:
> > > Did you look at the code like i asked last time ? IP's are
> > > not collected. the data is transmitted by post so there is
> > > is no way to tie a UUID to an ip
> >
> > ummm ... don't be silly -- it is trivial to associate an
> > originating IP to a POST
> >
> > This test widget at http://www.herrold.com/post/ has this
> > HTML code to the client:
> >
> > <form method="post">
> > Digits only please: <input type="text" name="acme"><br>
> > <input type="submit" name="show" value="show">
> > </form>
> >
> > and reveals the REMOTE_ADDR quite readily.
> >
> > The source PHP may be viewed at:
> >
> > http://www.herrold.com/post/index.phps
> >
> > -- Russ Herrold
>
> I have to agree with this. Not that I think that this is specifically
> a problem. But it was false to imply that an HTTP Post is immune to IP
> harvesting.
sure it could be done if smolt was coded to do so but if it was in a GET it
would be in the logs.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20070215/a64334ca/attachment.sig>
More information about the fedora-devel-list
mailing list