Author Message
4 new of 50 responses total.
mdw
response 47 of 50: Mar 8 03:39 UTC 1999

There's no reason to mess around with REFERER fields or cookies or
anything else.  A simple way, that would work with *all* browsers, is to
have wnu generate the form as well as process the posted data.  When it
generates the form, it can generate a pseudo-path (such as
http://www.cyberspace.org/cgi-bin/wnu/haponymarryoneway ), and when
cgi-bin/wnu is run, it can just look at PATH_INFO to pull out
haponymarryoneway and if that string "checks out", it knows the form
given to it came from wnu.  The "haponymarryoneway" string can be an
encoded and encrypted data string (or could even be just a keyed
cryptographic hash, such as HMAC) of the IP address, timestamp, and
perhaps a hidden field nonce.  If the data doesn't match up, wnu could
return any sort of helpful error form.  A useful error form might ask
people to only link to the wnu's main page, include a pointer to the
main page, a pointer to more information about grex, a feedback form in
case people get that due to an overly clever anonymous proxy server, and
might even include a hidden copy of any fields someone filled out from
the "bogus" wnu main page with a pointer to the wnu main page.
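
The token scheme described in response 47, as an added example that is not part of the original thread or of wnu's own code. The names `make_token`, `check_token`, `SECRET_KEY` and `MAX_AGE`, and the `timestamp.mac` token layout, are assumptions made for illustration:

```python
import hashlib
import hmac
import time

# Constructed demo values (assumptions): a real CGI would load the key
# from a file readable only by the CGI user.
SECRET_KEY = b"constructed-demo-key"
MAX_AGE = 900  # seconds a generated form stays valid (assumed policy)


def _mac(ip, issued, nonce):
    # Keyed hash over IP address, timestamp and hidden-field nonce.
    # The nonce goes last so a '|' inside it cannot shift the other fields.
    msg = f"{ip}|{issued}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(ip, nonce, now=None):
    """Form generation: returns the pseudo-path component for the action URL."""
    issued = int(time.time() if now is None else now)
    return f"{issued}.{_mac(ip, issued, nonce)}"


def check_token(path_info, ip, nonce, now=None):
    """Form processing: validate PATH_INFO. Returns (ok, reason)."""
    now = int(time.time() if now is None else now)
    issued_s, sep, mac = path_info.lstrip("/").partition(".")
    if not sep or not (issued_s.isascii() and issued_s.isdigit()):
        return False, "malformed"
    issued = int(issued_s)
    # The timestamp is attacker-visible, so trust it only after the MAC
    # verifies; compare in constant time.
    expected = _mac(ip, issued, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad-mac"
    if not 0 <= now - issued <= MAX_AGE:
        return False, "expired"
    return True, "ok"
```

Because the client address is part of the MAC, a visitor whose address changes between fetching and posting the form gets "bad-mac", which is the proxy case the error form in response 47 is meant to handle.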
srw
response 48 of 50: Mar 15 18:32 UTC 1999

That's more work than just checking referrer, but (stepping back) while 
I wouldn't mind seeing any technical solution that allowed WNU to reject 
such forms, I also think it would be a good idea for us to pursue what 
this person is doing as inappropriate use of our intellectual property. 
I believe that we should see what pressure we can bring to get it 
stopped because I think we need to protect our service mark. This is 
fraudulent use of our service mark. This is almost certainly against the 
law in Scotland, btw, though I doubt it'll come to that.
lilmo
response 49 of 50: Apr 14 03:08 UTC 1999

Any progress on our "partner"?  :-)
steve
response 50 of 50: Apr 17 15:15 UTC 1999

  If you mean the idiots who say they're an online presence, they're gone.
I never got a reply from them directly, but the Xoom folks who got mail
from me explaining the situation killed the Melonite pages within hours
of my sending the mail.

  Scratch one "partner".