[thelist] user agent spoofing security issues?
Mark Groen
evolt at markgroen.com
Wed Feb 7 09:28:39 CST 2007
On Wednesday 07 February 2007 07:07, Lee kowalkowski wrote:
> On 07/02/07, Brian Cummiskey <brian at hondaswap.com> wrote:
> > are there security issues (sql injection specifically) involved with
> > storing the user agent? Just how far can the user agent be changed?
>
> The User Agent string can be anything an attacker wants it to be.
Thank goodness for that, there are a lot of sites out there with (for example)
Flash detect scripts that even though I have Flash 9, they won't work.
Until I say that I'm WinXP on a M$ system instead of Firefox on *nix.
--
cheers,
mark
More information about the thelist
mailing list