Yeah, as a general rule-- never base security off anything in the cgi scope. Anything that comes in the request header can be spoofed.
~Brad -------- Original Message -------- Subject: Re: HTTP_USER_AGENT question From: James Holmes <[email protected]> Date: Thu, February 19, 2009 11:47 pm To: cf-talk <[email protected]> It's trivial to fake this header and many bad bots (i.e. the ones that ignore robots.txt) will pretend to be IE or another browser. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319589 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
