[1748] in WWW Security List Archive
Re: Capturing E-Mail Address of
daemon@ATHENA.MIT.EDU (Mike Bremford)
Thu Mar 28 16:00:21 1996
Date: Thu, 28 Mar 1996 14:25:09 +0000
From: Mike.Bremford@mail.bl.uk (Mike Bremford)
To: www-managers@lists.stanford.edu, www-security@ns2.rutgers.edu,
"Matthew Lewis" <Matthew_Lewis@cpqm.saic.com>
Errors-To: owner-www-security@ns2.rutgers.edu
I believe there was a JavaScript program around somewhere that could extract the
e-mail address (and other goodies) from the browser and return it to the server
somehow. I looked but couldn't find it. If anyone has a URL I would be
interested to see it.
The CGI scripts are aware of the type of client its talking to, the IP address
and any name the user used to log on with (via an authentication box), but not
much more. If you write a quick CGI to print all the environment variables (in
Unix) then you will see whats available.
Note that the client software type and IP address can be screwed up if the
client is going via a proxy server.
Cheers... Mike
-----------------------------------------
From my HTTP server, what information can be captured, without prompting a
user, by a CGI script or Java applet? I am aware of the the information in
the log file, but I am interested in any other information that might be sent
by a web browser, specifically a user's e-mail address. Any help would be
appreciated.
Thanks,
Matt
