Re: please respond to original poster:Fw: user-agent header

On Mon, 17 Mar 2003, David Woolley wrote:

> it recently.  However, there is another issue here in that forging
> a User Agent in order to access a banking system could be considered
> fraud,

Erm, the HTTP spec is very clear about NOT relying on user agent strings.
If you get round their so-called security by faking one, how is anyone
going to make a case that the fault is with anyone other than the idiots
who ignored the spec in the first place?

> noted that earlier versions of Lynx SSL don't authenticate the web site,
> making them vulnerable to man in the middle attacks.

ISTR the same is true of several browsers, including not least MSIE.

> Faking may also violate trademarks and/or copyrights and does result in
> Lynx being under-recorded as a source of web accesses.

Stats are a lost cause, when so many users of highly-capable minority
browsers like Opera and Konqueror take the line of least resistance.

> I am not a lawyer; this is not legal advice.

Ditto.


-- 
Nick Kew

Received on Monday, 17 March 2003 19:16:35 UTC