dmolsen/Detector

Security Problem with User Agent Switcher

alainb2p opened this issue · 0 comments

Hi,

I tried Detector and it is good work. Thanks.
But it is possible that you will hate me soon :)

But I had a question during my tests: what happens if someone changes his UA with a switcher like "User Agent Switcher" for Firefox?

So, I tried to set my UA to IE8 in Firefox with "User Agent Switcher". Damned, the IE8 UA is saved in the user-agents folder with Firefox's features. Next I'll try to surf on my Detector website with a real IE8 and the server serves pages optimised for Firefox. Grrrrrrrrrr

1/ It's a big problem because it is impossible to check the browser's real UA and there is a risk of serving pages that are not well-formed

2/ It's possible with a script and a UA database to attack a website which uses Detector and to force it to save UAs with bad features

I am searching for a solution: maybe

save 10 versions of features for each UA
and when 10 is reached, average the features.

Sorry for my poor English from France.

Bye
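
The mitigation proposed in the issue above, sketched as an added example that is not part of the original issue and is not Detector's own code: feature reports for a UA string are held as samples until ten have arrived, then consolidated by per-feature majority vote, so one spoofed report no longer defines the stored profile. All function names, the storage layout, the per-source limit and the sample data are assumptions made for illustration.

```php
<?php
// Added example: hypothetical names throughout, not Detector's API.
const SAMPLES_NEEDED = 10; // the issue's "10 versions of features"

// Record one client-side feature report for a UA string.
// $store maps sha1(UA) => ['samples' => [sourceId => features], 'profile' => ?array].
function recordSample(array &$store, string $ua, string $sourceId, array $features): ?array
{
    $key = sha1($ua);
    $entry = $store[$key] ?? ['samples' => [], 'profile' => null];
    if ($entry['profile'] !== null) {
        return $entry['profile']; // already consolidated: later reports are ignored
    }
    // Assumption: one sample per source (e.g. a hash of the client IP), so a
    // single client replaying a spoofed UA cannot fill all ten slots alone.
    $entry['samples'][$sourceId] = $features;
    if (count($entry['samples']) >= SAMPLES_NEEDED) {
        $entry['profile'] = consolidate(array_values($entry['samples']));
    }
    $store[$key] = $entry;
    return $entry['profile']; // null until enough samples exist
}

// "Averaging" boolean features: keep a feature only if most samples report it.
function consolidate(array $samples): array
{
    $votes = [];
    foreach ($samples as $features) {
        foreach ($features as $name => $supported) {
            $votes[$name] = ($votes[$name] ?? 0) + ($supported ? 1 : 0);
        }
    }
    $profile = [];
    foreach ($votes as $name => $yes) {
        $profile[$name] = $yes * 2 > count($samples);
    }
    return $profile;
}

// Constructed sample data: one Firefox spoofing the IE8 UA, then nine real IE8 reports.
$store = [];
$ie8Ua = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)';
$realIe8 = ['canvas' => false, 'svg' => false, 'localstorage' => true];
$spoofed = ['canvas' => true, 'svg' => true, 'localstorage' => true];
recordSample($store, $ie8Ua, 'client-0', $spoofed);
for ($i = 1; $i <= 9; $i++) {
    $profile = recordSample($store, $ie8Ua, "client-$i", $realIe8);
}
var_dump($profile);
```

Until the tenth sample arrives the function returns null, so the caller has to fall back to a conservative default profile for that UA. A majority vote only raises the cost of point 2/ in the issue; a script reporting from more than half of the counted sources still wins the vote.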