[3837] in WWW Security List Archive
Re: web server's security -Reply
daemon@ATHENA.MIT.EDU (Javier Romeu)
Wed Dec 18 11:56:25 1996
From: "Javier Romeu" <redsecurity@netculture.net>
To: DAVE SANDERS <DSANDERS@fusn.com>, www-security@ns2.rutgers.edu
Date: Wed, 18 Dec 1996 15:54:48 +0100
Reply-to: redsecurity@netculture.net
X-Confirm-Reading-To: redsecurity@netculture.net
Errors-To: owner-www-security@ns2.rutgers.edu
Hi,
> On the second question, my provider offers logging of this
> information, IF it exists. On my logs I don't get any name
> information. I think it relies entirely on the browser end and how
> the user set it up and whether they set it up with a name or email.
> (Can someone else clarify this?)
I think that's not completely ritgh. When the server receives an
incoming connection to port 80 it might ask remote host's identd
about the user owner of that conection. Of course, this should never
be trusted as one can easily spoof identd responses from non-Unix
boxes (Mirc is the most common example).
I hope it's right and I hope it helps too :)
Regards,
Javier
________________________________________________________
**************** R E D S e c u r i t y ****************
Javier Romeu, Manager.
mailto:redsecurity@netculture.net
Web: http://www.netculture.net/~redsecurity
Tel: +34-3-2098048 Fax: +34-3-2048105
Especialistas en *Seguridad* Informatica
********************************************************
