Barring access to Netscape
If you want to bar access to your site from a Netscape browser, such can easily be accomplished. If memory serves, every browser, when connecting to a site, exchanges certain information about the client with the server. One can gain access easily to that information. I believe that Netscape uses "Mozilla" as their keyword when exchanging browser-specific information.
On Fri, 1 Dec 1995, Ed Carp wrote:
I believe that Netscape uses "Mozilla" as their keyword when exchanging browser-specific information.
The field is User-Agent. However, blocking access to users of Navigator isn't a particularly useful thing to do. If you must do something, why not modify your GET handler to add a header to the start of all html pages informing people of the problem, and suggesting alternatives. Someone else [I can't remember, but I'll call them Alice] claimed that the security problems showing up were part of a deliberate conspiracy. To anyone who knows anything about the history of these things knows how absurd this is. The principals at Netscape are a nice bunch of really guys, but were not really up to speed on issues like security and networking- for example, the first incarnation of SSL had an RC4 stream running with no checksumming whatsoever. The security problems that resulted are due to the learning curve. Simon
The field is User-Agent. However, blocking access to users of Navigator isn't a particularly useful thing to do. If you must do something, why not modify your GET handler to add a header to the start of all html pages informing people of the problem, and suggesting alternatives.
I haven't modified my GET, but at the top of all the standard c2.org web pages (http://www.c2.org/) if you are using pre-1.12 netscape, it barfs at you with a nasty message. I plan on adding a line for all netscape browsers, with a link to Lance's page, once it is ready. (Maybe it is ready now, I just haven't looked yet.)
Someone else [I can't remember, but I'll call them Alice] claimed that the security problems showing up were part of a deliberate conspiracy. To anyone who knows anything about the history of these things knows how absurd this is. The principals at Netscape are a nice bunch of really guys, but were not really up to speed on issues like security and networking- for example, the first incarnation of SSL had an RC4 stream running with no checksumming whatsoever. The security problems that resulted are due to the learning curve.
Simon
-- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org
The field is User-Agent. However, blocking access to users of Navigator isn't a particularly useful thing to do. If you must do something, why not modify your GET handler to add a header to the start of all html pages informing people of the problem, and suggesting alternatives.
Great idea! I'm sure there is a cyberpunk on this list willing to write a patch to NCSA HTTPd to get the job done, in a configurable manor of course so that a template.html would be 'inserted' at the top of every document sent out to the specified browser. Any takers?
participants (4)
-
Ed Carp -
Laszlo Vecsey -
sameer -
Simon Spero