Smolt: firstboot revisited

Arthur Pemberton pemboa at gmail.com
Fri Feb 16 04:30:31 UTC 2007


On 2/15/07, R P Herrold <herrold at owlriver.com> wrote:
> On Thu, 15 Feb 2007, Dennis Gilmore wrote:
>
> > Did you look at the code like I asked last time? IPs are
> > not collected. The data is transmitted by POST so there is
> > no way to tie a UUID to an IP
>
> ummm ... don't be silly -- it is trivial to associate an
> originating IP to a POST
>
> This test widget at http://www.herrold.com/post/ has this
> HTML code to the client:
>
> <form method="post">
> Digits only please: <input type="text" name="acme"><br>
> <input type="submit" name="show" value="show">
> </form>
>
> and reveals the REMOTE_ADDR quite readily.
>
> The source PHP may be viewed at:
>
> http://www.herrold.com/post/index.phps
>
> -- Russ Herrold

I have to agree with this. Not that I think that this is specifically
a problem. But it was false to imply that an HTTP POST is immune to IP
harvesting.
-- 
Fedora Core 6 and proud
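
The point made in the thread, as an added Python example that is not part of the original messages or of Smolt's code: the peer address comes from the accepted TCP connection, so a server can pair it with a POSTed identifier even when the body never mentions an IP. The `Collector` class, the `submit_and_observe` helper, the `uuid` field name and the sample UUID are assumptions made for this illustration.

```python
import http.client
import threading
import urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer


class Collector(BaseHTTPRequestHandler):
    """Accepts a form POST and records what the server can see about it."""

    seen = []  # (peer_ip, uuid) pairs observed by the server

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode("ascii"))
        # The body carries only the uuid field; the peer address comes from
        # the accepted TCP socket (what CGI/PHP exposes as REMOTE_ADDR).
        peer_ip = self.client_address[0]
        Collector.seen.append((peer_ip, form.get("uuid", [""])[0]))
        self.send_response(204)
        self.end_headers()

    def log_message(self, fmt, *args):
        # Silence the default access log, which also prints the peer address.
        pass


def submit_and_observe(uuid):
    """POST `uuid` to a loopback server; return what the server associated."""
    Collector.seen.clear()
    server = HTTPServer(("127.0.0.1", 0), Collector)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        body = urllib.parse.urlencode({"uuid": uuid})
        conn = http.client.HTTPConnection(*server.server_address, timeout=5)
        conn.request("POST", "/", body,
                     {"Content-Type": "application/x-www-form-urlencoded"})
        conn.getresponse().read()
        conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return list(Collector.seen)


if __name__ == "__main__":
    # Constructed sample UUID, not a real profile identifier.
    for ip, uuid in submit_and_observe("00000000-0000-4000-8000-000000000000"):
        print("server saw uuid", uuid, "from", ip)
```

Whether that pairing is stored is a server-side decision: here it would mean not appending `peer_ip` and keeping access logging off, as `log_message` does.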