With your second method on your example page, is this exploitable? Or even if it said it was valid would it still show our site name?? Does OpenSRS verify IP for this?? Bit lost ;o) Sorry if they are dumb questions. Not slept for days ;o(
-- Mike Allen, 4CheapDomains.Net [EMAIL PROTECTED] http://www.4CheapDomains.Net Need Advertising? Try DeerSearch.Com http://www.DeerSearch.com ----- Original Message ----- From: "David" <[EMAIL PROTECTED]> To: "Mike Allen" <[EMAIL PROTECTED]> Cc: "discuss-list" <[EMAIL PROTECTED]> Sent: Thursday, October 17, 2002 4:07 AM Subject: Re: Making the seal work [was: Re: Re resseler seal] > > Mike, the second method on my test page will work providing you don't > genuinely have a proxy that is stripping the referrer. ("you" being the > person accessing the seal). I don't have any stats on how many people are > behind such a proxy but I would imagine it would be quite small? > > On the other hand the first method won't work for IE users even if they're > not behind a proxy. > > (I keep saying "IE users", it may be IE6 only but I have no way to test > this tonight) > > David > > On Thu, 17 Oct 2002, Mike Allen wrote: > > > Well. We tried the seal and nothing works. When we do it now it states our > > firewall is preventing the auto authentication. Is their not a way around > > this? I don't want users to have to type a name in and I DON'T WANT to > > remove these machine from our fire walls for obvious reasons. I would rather > > not use the seal if a IP verification can't be used such as when we register > > sales... Please let me know if anyone has any advice... > > > > Thanx, > > > > -- > > Mike Allen, 4CheapDomains.Net > > [EMAIL PROTECTED] > > http://www.4CheapDomains.Net > > Need Advertising? Try DeerSearch.Com http://www.DeerSearch.com > > ----- Original Message ----- > > From: "David" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Wednesday, October 16, 2002 8:04 PM > > Subject: Making the seal work [was: Re: Re resseler seal] > > > > > > > > > > No browser that I know of will send a referrer to a javascript popup, so I > > > have to wonder how this was ever meant to work without the user having to > > > type in the domain. > > > > > > A better solution would be to have the javascript create the popup onclick > > > (to get the correct size and window ornaments), and then "fall through" > > > and let the href work as normal, with a target of the popup. This way the > > > referrer will get passed. > > > > > > This is demonstrated here > > > http://www.sargasso.net/testseal.html > > > > > > Perhaps the 'cut and paste' supplied by tucows could be altered to match > > > the second example. > > > > > > David > > > > > > > > > On Wed, 16 Oct 2002, [EMAIL PROTECTED] wrote: > > > > > > > Hello > > > > I have question in regards to the Authorized reseller site seal. > > > > I installed it today and all seem to go well until I try to use the > > verify tool included by clicking the seal > > > > it goes to the database alright but asked the client to type in the site > > name with this error message is this something tempoary or will this > > continue to happen . I don't think I know any one that doesn't have a > > firewall of some sort if this is going to continue I can't leave it on the > > site it would annoy most clients > > > > error from seal > > > > > > > > > > > > Please enter the URL that you wish to verify: > > > > > > > > >Box to enter was here< > > > > You are being prompted to enter a URL Address > > > > as your firewall may prevent our system from automatically > > > > determining the URL for you. > > > > > > > > Greg Makuch > > > > Whatever Computes Ltd. > > > > http://www.whatevercomputes.com > > > > [EMAIL PROTECTED] > > > > phone: 306-569-4174 > > > > Toll-free: 1-877-291-3269 > > > > > > -- > > > |> /+\ \| | |> > > > > > > David Croft > > > Infotrek > > > > > > > > > > > -- > |> /+\ \| | |> > > David Croft > Infotrek > > >
