[thelist] user agent spoofing security issues?

Mark Groen evolt at markgroen.com
Wed Feb 7 09:28:39 CST 2007


On Wednesday 07 February 2007 07:07, Lee kowalkowski wrote:
> On 07/02/07, Brian Cummiskey <brian at hondaswap.com> wrote:
> > are there security issues (sql injection specifically) involved with
> > storing the user agent?  Just how far can the user agent be changed?
>
> The User Agent string can be anything an attacker wants it to be.

Thank goodness for that, there are a lot of sites out there with (for example) 
Flash detect scripts that even though I have Flash 9, they won't work. 
Until I say that I'm WinXP on a M$ system instead of Firefox on *nix.
-- 
cheers,

        mark



More information about the thelist mailing list