(keitai-l) keeping browsers out...

From: Nick May <nick_at_kyushunet.com>
Date: 03/16/01
Message-id: <fc.000f761000051d7a000f761000051d7a.51d7d@kyushunet.com>
None of these methods are foolproof of course, but they will provide a
*little* more security against faking in browsers. I doubt 1, 2 and 4
would work against the php thingie Mike T cooked up.

1) see if javascript is switched on (if it is, it ain't a docomo phone -
but this can be switched off in the browser...)

2) see if you can set a cookie.... (if you can, it ain't a docomo phone -
but this can be switched off in the browser...)

3) do a reverse lookup to see if it comes from (takes time and you have to
keep the list of servers up to date)

4) Use urls that exceed 255 chars - set a variable at char 300. Check to
see if it is present. If it was passed, you are in a browser, so bomb out
- I THINK imode phones will pass only the first 255. Of course, this can
be hacked around as well if you know it is there....

5) with java phones, send a wee applet that has to run and pass a message
back that says "it's a phone". Make sure it will not run on I.E or Mozilla
(and the various Java machines) 


I do not like the idea of a part of the net that is only browsable if I
enter into an expensive contract with an 800lb gorilla that requires me
to use their expensive handset. Sites that are "Windows Internet Explorer"
only (without very good reason - i-mimic - or whatever it is called -
being a justified exception) are not just annoying - they are a part of a
Microsoftification of the net. Demanding I use a particular company's
handset to browse your content is not all that different. 

We all like the fact that imode uses largely non-proprietary protocols and
can use standard web servers and languages. Openness is good - this is
just part of that openness....

Nick


Received on Fri Mar 16 17:32:16 2001
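
An added example, not part of the original post: a server-side sketch in Python that combines checks 2, 3 and 4 from the message and reports which signals suggest a desktop browser. The gateway domain suffix, the marker parameter name and the cookie name are placeholders assumed for illustration, and the reverse lookup is confirmed with a forward lookup because a PTR record on its own is set by whoever owns the address block.

```python
import socket
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Assumptions (not from the original post): the gateway suffix, the marker
# parameter name and the cookie name are placeholders for illustration.
GATEWAY_SUFFIX = ".gateway.example.jp"
MARKER_PARAM = "m"
PROBE_COOKIE = "probe"
URL_LIMIT = 255  # the post's guess at how much of a URL an i-mode phone passes


def build_probe_url(path):
    """Check 4: pad the URL so the marker parameter starts after char 300."""
    base = path + "?pad="
    return base + "x" * (300 - len(base)) + "&" + MARKER_PARAM + "=1"


def from_gateway(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Check 3: reverse lookup, confirmed by a forward lookup of that name."""
    try:
        name = reverse(ip)[0].lower().rstrip(".")
        if not name.endswith(GATEWAY_SUFFIX):
            return False
        # The name only counts if it resolves back to the connecting address.
        return ip in forward(name)[2]
    except OSError:  # covers socket.herror and socket.gaierror
        return False


def browser_signals(query_string, cookie_header, ip, **lookups):
    """Return the reasons a request looks like a desktop browser, if any."""
    reasons = []
    if MARKER_PARAM in parse_qs(query_string):
        reasons.append("marker past char %d survived" % URL_LIMIT)
    if PROBE_COOKIE in SimpleCookie(cookie_header or ""):
        reasons.append("probe cookie came back")
    if not from_gateway(ip, **lookups):
        reasons.append("address is not a confirmed gateway host")
    return reasons
```

As the message says, each signal can be worked around by a client that knows it is being tested, so the result is a hint to weigh, not proof of a handset.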