-----BEGIN PGP SIGNED MESSAGE-----
"Michael" == Michael Elkins <me@muddcs.cs.hmc.edu> writes:
Michael> I've heard several people make this statement... Can anyone Michael> confirm that it is really possible to log the uid (username) Michael> of the person making the http request? I know they can get Michael> your ip address, but I'm skeptical of getting the username. There is no general rule, it depends on your system, your system administrator, your browser, .... If you use Unix, there is no way to know who is at the other end of a socket without using either: 1) finger- or rusers-like information, which is only a guess than may easily be defeated; 2) a "identity daemon", which is run on port 113 and may be queried by a host to which a connection is being made. This kind of identity daemon sometimes has an option which makes it look for a file in the user's home directory before answering ; if this file is present, then the user-id won't be disclosed. It is also very time-consuming for a WWW server to make such a TCP connection each time a request is made, it slows down the request a lot. Anyway, the use of a proxy may help you in that the user-id will probably "nobody". You stay anonymous, unless your proxy's manager keeps the logs. The other way to get your identity is... getting cooperation from yourself ! There was a bug in Netscape 2.0 which made it possible to make you send a mail without even realizing it when browsing some pages (using a form with a mailto: action and a piece of JavaScript to submit the form). Other browsers may well send your user-id and/or you real name across the network in a browser-defined header. This must be checked on a browser per browser basis, since each browser is free to add any header it wants. Sam - -- "La cervelle des petits enfants, ca doit avoir comme un petit gout de noisette" Charles Baudelaire -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAgUBMW0Pk4FdzKExeYBpAQGyWAP+LwubZ9+aqzaP7Lq44Lhlztshp0YPslVF yioq8BGlxotMlLEQHdOyVHfjUGnV7U9eUdeT5jWplKmhpEVgYiYlOtHKX8JOLDno X7dhCQG14Q8bQctlS7UQ5EV10sM5CaNN4G+Cx05iSZ8VY+aFScdRlS77EMovMKD4 Y1YC8P41RdY= =l4BE -----END PGP SIGNATURE-----