On Fri, 10 Oct 2003 13:55:54 -0400 Bryan Phinney <[EMAIL PROTECTED]> uttered:
> I do not know of any method of detecting the browser and altering the > default page displayed based on that browser that does not entail > creating code on the default display page and possibly subsequent > pages of the site. I also do not know of any method of doing this > that I would be unable to bypass in some manner. Figuring out what > happens when you bypass the detection code is part of QA and I have > yet to see any site that is capable of locking me out based on my > browser. I have been working in software QA for about 8 years, the > last 4-5 has been spent almost entirely on web-based applications. I > would consider myself somewhat knowledgable in that area. YMMV. Monsieur Woods already linked me to a solution that confirms what you say, it appears it must be done in the page code: http://www.devin.com/ieblock_howto.shtml > > > Also, if someone has a page under the actual index bookmarked, > > > they can still bypass the detection string. I use that all the > > > time to bypass detection and enforcement of IE only. > > > > I don't have many pages to edit, so adding it to each and every page > > would be a simple matter of copy and paste. > > That depends on your pages. If you use a CGI method, each page that > can be reached via URL must be CGI based. If you use a PHP method, > the same holds true. If you mix html, dhtml, CGI, etc. it is not a > simple cut and paste function. Well there, the site linked above seems to differ with you. The claim is that it is impossible to bypass (unless you spoof the browser ID or go through a proxy, etc.) Quote: " It has the added advantage that it doesn't require CGI execution or redirection, and can't be circumvented by knowing the URL for the "real" page. It's pretty simple, actually. Place this code at or near the top of your code, before any output has occurred." All of my pages are .php, so this is the method I'll try. Anyhow, we'll see how it goes, I have Wine installed and IE so I can test it. > The fact is that if I can load a page without loading the specific > redirect code that you created, I can bypass the detection. Also, if > I use a proxy server that doesn't pass a browser id header, I can > bypass the redirect. If you are trying to lock out a specific > browser, it is easier to bypass than if you only accepted a particular > one. Without a browser header, the default behavior is probably to > display the normal page. With most detection mechanisms, the default > is to not display unless the browser identifies itself as a certain > type. Even that can be spoofed, although not trivially with IE. I'm not lookin' fer a 100% blockade, I'll be happy if even 1 or 2 people get the message, esp. considering the pathetic level of traffic my site generates. Even if just a few people did this kind of thing, it could catch on and generate quite a stir, IMHO. Not so much, as I say, to make it *impossible*, but very difficult to ignore, knowwhatimsayin'? -- HaywireMac Registered Linux user #282046 Homepage: www.orderinchaos.org ++++++++++++++++++++++++++++++++++++++++++ Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org ++++++++++++++++++++++++++++++++++++++++++ In spite of everything, I still believe that people are good at heart. -- Ann Frank
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
