PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Fundamentals of PHP Superglobals
PHP, XML, XSL, XPATH and Web Services
PHP Developer Resources
In Case You Missed It...The Week of February 6, 2006
Aptana Studio Professional 1.5, a Complete Developer's Toolbox

Sr. Web Developer
mediabistro.com
US-NY-New York

Post A Job | Post A Resume

Comments for: tim20001211

Message # 1007830:

Date: 10/18/01 12:03
By: Anders Kronquist
Subject: Problem using 1x1 pixel GIF image

There is an additional problem if you use a GIF image - the image does not have to be loaded (I don't think you'd ever see Lynx as a browser). Because of this, you get more reliable data by making the webserver send the data to the script instead of the user. This can be done by issuing a GET/POST command to one of the log servers pages. This will impact the webservers performance, however, which may be a Bad Thing (tm).

The good thing about using the image approach is that it is the web browser (client) that does the work for you - but this also means that since the browser does not have to follow every IMG link you may never be totally sure of your data.
As a matter of fact, with the use of such proxy programs as Proxomitron you can quite easily remove any external IMG links (links that does not lead to the current browser). There is also the possibility of malicious use of the link, passing erroneous and possibly malicious ("&g='; DROP DATABASE <bruteforce database names>") content to the script (by creating a page with 10 000 IMG links to your GIF image (thereby providing an excellent way to bruteforce database and table names. Most people tend to use simple names for their tables.

Lastly, there is the problem of user anonymity - does your user want to be logged? Is it OK to check the users referrer? And since the information provided by the browser can be a 'lie', should we trust the browsers information enough to log it, thereby implying that, 'ShonenScape', 'Macrosoft Exploder' and 'Netquake' has been used in 3% of all access to our webpages?

Previous Message | Next Message

Comments:
RE: opentracker	Mayukh	04/30/05 05:46
RE: Some fixes to SourceForges browser.php	David Neff	12/06/02 20:29
Cache Problem(On Indirect Ip's)	Shrirang Kulkarni	11/06/02 03:43
Some fixes to SourceForges browser.php	morten hansen	10/29/02 09:49
RE: Referrer checking?	tony	06/28/02 23:32
Use timestamp from random num	nicole	05/16/02 16:50
RE: Sample SQL to run reports sorting	Chris Peterson	04/22/02 04:14
RE: Sample SQL to run reports sorting	Brandon	04/05/02 18:19
Sample SQL to run reports sorting	Luis Oliveira	03/25/02 04:48
Problem using 1x1 pixel GIF image	Anders Kronquist	10/18/01 12:03
Referrer, uniques and standards	Frans	03/08/01 19:46
Memory effective Database	Kenneth	02/08/01 12:21
RE: Apache log => mysql	Martin	01/16/01 06:16
Java referrer	david	01/01/01 20:35
here's some code I use on a large system	Stephen VanDyke	12/28/00 14:45
RE: Referrer checking?	david	12/27/00 20:55
RE: A more optimized solution	Richard Bendelow	12/22/00 08:41
RE: Badly normalized - Both?	llong	12/20/00 18:36
RE: opentracker	llong	12/20/00 18:21
Error but no error echoed???	Charles	12/19/00 15:36
Apache log => mysql	James	12/19/00 10:05
RE: Badly normalized	Jeppe Salvesen	12/15/00 20:12
Simple way to convert Day integer back to dat	Patrick	12/14/00 21:27
mod_log_mysql is the way to go	Nathan Cassano	12/14/00 11:54
!the real solution: webalizer.com/sample !!!	Igor	12/13/00 13:40
RE: Badly normalized	Beth J.	12/13/00 11:08
RE: Disabled images	Tim Perdue, PHPBuilder.com	12/13/00 10:32
Disabled images	Joe Clarke	12/12/00 19:47
A more optimized solution	Stallion	12/12/00 14:57
RE: Real user tracking	Ed Rahn	12/12/00 14:20
RE: Not the fastest solution	Viking	12/12/00 11:37
RE: Badly normalized	Martijn	12/12/00 11:29
opentracker	edmz	12/12/00 11:12
RE: Referrer checking?	Martin Joergensen	12/12/00 10:25
RE: Badly normalized	Tim Perdue, PHPBuilder.com	12/12/00 09:44
Another alternative	George Schlossnagle	12/12/00 08:58
RE: Referrer checking?	Grant Petersen	12/12/00 01:54
RE: Not the fastest solution	Hendrik Mans	12/11/00 20:13
Badly normalized	Jeppe Salvesen	12/11/00 19:04
HTML-based e-mail	Chris Thompson	12/11/00 17:42
Not the fastest solution	Viking	12/11/00 16:08
RE: Real user tracking	Sean Clark	12/11/00 14:07
RE: Real user tracking	luke chasteen	12/11/00 12:53
RE: Referrer checking?	Pavel Prishivalko	12/11/00 10:55
RE: Referrer checking?	Micheal O Shea	12/11/00 09:33
RE: Real user tracking	Tim Perdue, PHPBuilder.com	12/11/00 09:30
RE: Referrer checking?	John	12/11/00 08:24
Real user tracking	NightOwl	12/11/00 07:38
cache problem if using host without PHP	SaS	12/11/00 07:08
RE: Referrer vs. Referer foo	philip olson	12/10/00 21:59
RE: Referrer checking?	Tim Perdue, PHPBuilder.com	12/10/00 21:30
Referrer checking?	Hendrik Mans	12/10/00 20:44
If you are looking for help, please post on the appropriate forum here. Your questions will be answered much more quickly. Add A Comment: Name: Email: Subject: Message: To reduce spam posts, messages are now manually approved You are not [logged in]. That means your account will not get credit for this post.

Comments for: tim20001211

Add A Comment: