[4498] in WWW Security List Archive
Re: Question about User Identity (CGI scripting)
daemon@ATHENA.MIT.EDU (Ammon)
Wed Feb 19 11:48:07 1997
Date: Wed, 19 Feb 1997 08:41:43 -0600
To: www-security@ns2.rutgers.edu
From: Ammon <ammon@ikx.org>
In-Reply-To: <3309E81E.58EEE8E@telecnnct.com>
Errors-To: owner-www-security@ns2.rutgers.edu
At 12:34 PM 2/18/97 -0500, you wrote:
>Without getting into login scripts for our IntraNet, is there a way for
>me to capture the user's real account name via his/her browser?
Well, this would be a pretty crappy solution (but it'll work)...you could
grab the remote_host for their IP address and then match that to a listing
of names/IP. This, of course, relies on the fact that the users are using
fixed-IP computers.
____ _ _ _ _ ____ __ _
|--| o |\/| o |\/| o [__] o | \|
a m m o n @ i k x . o r g
i k x . o r g / ~ a m m o n
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"Everyone has a talent. What is rare is the courage to
follow that talent to the dark place where it leads."
"A riot is the language of the unheard."
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
___ __ __ __ __ __
| |__) _) /__ / \ / \ take back alt.2600
| |__) /__ \__) \__/ \__/ http://tb2600.home.ml.org
