rbpphp

Hello,

Is there a way to be sure that a website is going to be accessed only by
traditional browsers and not from another
software that send to the server the same headers of any of the traditional
browsers?
For example, supose that i only want to give access to my site users from
firefox, ie, chrome and safari, because
i know that the users can´t download the copyright information of the
website to the temporary files with anyone
of this browsers.

How can i be sure that someone that develop a mini-browser or a software
can´t access my site sending the same
header information of traditional browsers?

In this case, the validation of HTTP_USER_AGENT isn´t a solution.

Thanks.

thiago.pojda

I was just answering this with a long response, but you beat me with that "simplicity"

Thiago Henrique Pojda
http://nerdnaweb.blogspot DOT com

rbpphp

Hello,

Is there a way to be sure that a website is going to be accessed only by
traditional browsers and not from another
software that send to the server the same headers of any of the traditional
browsers?
For example, supose that i only want to give access to my site users from
firefox, ie, chrome and safari, because
i know that the users can´t download the copyright information of the
website to the temporary files with anyone
of this browsers.

How can i be sure that someone that develop a mini-browser or a software
can´t access my site sending the same
header information of traditional browsers?

In this case, the validation of HTTP_USER_AGENT isn´t a solution.

Thanks.

robert

You can't... get over it.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

thiago.pojda

I was just answering this with a long response, but you beat me with that "simplicity"

Thiago Henrique Pojda
http://nerdnaweb.blogspot DOT com

robert

You can't... get over it.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

stuttle

2009/1/26 R B <rbpphp@gmail.com>:


As Rob has so eloquently said, you can't. Might I suggest you address
the problem you've created, that of viewing the copyright info, rather
than trying to control what people do with your publicly accessible
site, which is a battle you can't win.

-Stuart

--
http://stut.net/

aballard

ditto

stuttle

2009/1/26 R B <rbpphp@gmail.com>:


As Rob has so eloquently said, you can't. Might I suggest you address
the problem you've created, that of viewing the copyright info, rather
than trying to control what people do with your publicly accessible
site, which is a battle you can't win.

-Stuart

--
http://stut.net/

tg-php

=0D=0A=0D=0A----- Original Message -----=0D=0AFrom: Stuart =
<stuttle@gmail.com>=0D=0ATo: R B <rbpphp@gmail.com>=0D=0ACc: PHP List =
<php-general@lists.php.net>=0D=0ADate: Mon, 26 Jan 2009 19:53:17 =
+0000=0D=0ASubject: Re: [php] Non-traditional software accessing my =
website=0D=0A=0D=0A> 2009/1/26 R B <rbpphp@gmail.com>:=0D=0A> > Is there =
a way to be sure that a website is going to be accessed only by=0D=0A> > =
traditional browsers and not from another=0D=0A> > software that send to =
the server the same headers of any of the traditional=0D=0A> > =
browsers?=0D=0A> > For example, supose that i only want to give access to =
my site users from=0D=0A> > firefox, ie, chrome and safari, =
because=0D=0A> > i know that the users can=C2=B4t download the copyright =
information of the=0D=0A> > website to the temporary files with =
anyone=0D=0A> > of this browsers.=0D=0A> >=0D=0A> > How can i be sure =
that someone that develop a mini-browser or a software=0D=0A> > =
can=C2=B4t access my site sending the same=0D=0A> > header information of =
traditional browsers?=0D=0A> >=0D=0A> > In this case, the validation of =
HTTP_USER_AGENT isn=C2=B4t a solution.=0D=0A> =0D=0A> As Rob has so =
eloquently said, you can't. Might I suggest you address=0D=0A> the =
problem you've created, that of viewing the copyright info, rather=0D=0A> =
than trying to control what people do with your publicly =
accessible=0D=0A> site, which is a battle you can't win.=0D=0A> =0D=0A> =
-Stuart=0D=0A> =0D=0A=0D=0AStuart's right.. if your big issue is not =
allowing people to make their own copy of the material, then the issue is =
bigger than restricting access to just certain browsers. I'm not sure =
how you're keeping people from 'stealing' the data with IE, FF, etc, but =
chances are.. it's hardly a complete protection. Just doing things like =
disabling right-click, or text selection or something, isn't going to =
offer complete protection.=0D=0A=0D=0AThen, the issue you're asking about =
specifically, you have an issue of someone using wget or something to =
just download a copy of the page. Since a browser downloads copies of =
the content to display it, you have to allow download for people to view =
your page.=0D=0A=0D=0AThe only real way you're going to protect =
copyrighted material is to use something fairly complex like making the =
users view the content via a java or flash app, so they're not really =
storing the data in a conveniently 'stealable' way. Then again, if it's =
images/video.. there are plenty of programs for capturing that =
data.=0D=0A=0D=0AGoing back to your question, though... "How do I =
prevent people from accessing my content if they're not using an approved =
browser..", there's not much you can do from PHP, but you may be able to =
use Javascript to get a 'fingerprint' of the browser and try to determine =
if it's a proper browser by querying JS objects to see if they're =
supported. Something like wget isn't going to support JS (or not much.. =
I don' believe it does though.. cookies, yes, js no.. correct me if I'm =
wrong though). Other browsers that may spoof the user agent to fool you, =
may have other characteristics that reveal that they're not an approved =
browser.=0D=0A=0D=0ABut that would be a huge pain in the ass and not =
likely to restrict all the browsers you don't want accessing the =
site.=0D=0A=0D=0AIf you want an example of what JS and such can determine =
about your browser, check out BrowserHawk's =
site:=0D=0Ahttp://www.cyscape.com/showbrow.aspx=0D=0A=0D=0AAnyway, just =
some stuff to think about. I wouldn't say absolutely "you can't", but =
the techncial aspects of what you're asking are severely =
prohibitive.=0D=0A=0D=0A-TG