Sécurity Problem with User Agent Switcher #26
Description
Hi,
I try Detector and it is a good job. Thanks.
But it is possible that you hate me soon :)
But I had a question during my tests : What happen if someone change his UA width à Switcher like "User Agent Switcher" for Firefox.
So, I tried to set my UA from IE8 in Firefox with "User Agent Switcher". Damned, IE8 UA is saved in user-agents folder with Firefox's features. Next I'll try to surf on my detector website with a real IE8 and the server serves pages optimised for Firefox. Grrrrrrrrrr
1/ It's a big problem because it is impossible to check the browser real UA and it is a risk to serve no wellformed pages
2/ It's possible width a script and a UA database to attack the website which use detector and to force him to save UAs with bad features
I search a solution : maybe
save 10 versions of features for each UA
and when 10 is reached, averaging features.
Sorry for my poor english from France.
Bye