Smolt: firsboot revisited

Arthur Pemberton pemboa at gmail.com
Fri Feb 16 05:24:10 UTC 2007


On 2/15/07, Dennis Gilmore <dennis at ausil.us> wrote:
> Once upon a time Thursday 15 February 2007, Arthur Pemberton wrote:
> > On 2/15/07, R P Herrold <herrold at owlriver.com> wrote:
> > > On Thu, 15 Feb 2007, Dennis Gilmore wrote:
> > > > Did you look at the code like i asked last time ?  IP's are
> > > > not collected. the data is transmitted by post so there is
> > > > is no way to tie a UUID to an ip
> > >
> > > ummm ... don't be silly -- it is trivial to associate an
> > > originating IP to a POST
> > >
> > > This test widget at http://www.herrold.com/post/ has this
> > > HTML code to the client:
> > >
> > > <form method="post">
> > > Digits only please: <input type="text" name="acme"><br>
> > > <input type="submit" name="show" value="show">
> > > </form>
> > >
> > > and reveals the REMOTE_ADDR quite readily.
> > >
> > > The source PHP may be viewed at:
> > >
> > > http://www.herrold.com/post/index.phps
> > >
> > > -- Russ Herrold
> >
> > I have to agree with this. Not that I think that this is specifically
> > a problem. But it was false to imply that an HTTP Post is immune to IP
> > harvesting.
> sure it could be done  if smolt was coded to do so  but if it was in a GET  it
> would be in the logs.
>

How does one establish an HTTP connection without making your IP
available to the server?

-- 
Fedora Core 6 and proud




More information about the fedora-devel-list mailing list