Graham Anderson wrote: > Can the server variable 'user agent' be modified/spoofed by the user? > > I have a bunch movies that I want to only open if the user agent > contains Quicktime Player... > In my case, if the user agent string contains Quicktime Player, a movie > url is written for Quicktime to open.... > If the user agent contains a browser, I want php to deny access....not > write the url for Quicktime to read > > is is possible for a script kiddie to spoof user agent server variables > to fool the server ?
Of course. Some browsers, like Opera, even have a preferences thing where you can type in whatever user agent string you want. But even without that it is a trivial thing to spoof. Anything that comes across the wire to you can be spoofed. This includes the Host: header, the Referer: header, the User-Agent, cookies, whatever. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
