Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] detect fake HTTP referrer
- Date: Thu, 17 Jan 2008 18:24:15 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: Re: [tlug] detect fake HTTP referrer
- References: <78d7dd350801160011x2db75b54ofdbffb76d41c5044@mail.gmail.com> <20080116112944.ab6ae181.attila@kinali.ch> <78d7dd350801160622taa0faf3sa072283d59964936@mail.gmail.com> <20080116112603.G63335@isris.pair.com> <87sl0x32p3.fsf@uwakimon.sk.tsukuba.ac.jp> <20080117012834.E63335@isris.pair.com>
Joe Larabell writes: > really need the file, I generally just leave. Requiring cookies for such a > lame reason (file d/load) is likely to cost you customers. Could be. If so, we'll move on to the next under the radar scheme for customer tracking. But NVH clearly wanted to track his customers pretty badly. > I thought the point was that he didn't want anyone else offering the file > for d/load but himself (I think the follow-up also clarified that). No, he clearly allows others to offer it, but he wants it to come from his site, and he wants a correct referrer. > > Actually, in the U.S. the correct term "obeying copyright law without > > checking the license". > What I was referring to has nothing to do with copyright. I know. Do you understand what I was referring to? Let's spell it out. > Suppose I have a public domain image on my page that I dig up from > some archive of such. Someone else likes the image and decides to > use it on their page as well. That's legal. My point is that he doesn't know that it's legal. Do your images all bear copyright and licensing information on them? Do all your pages specify which if any images have restrictions on them? Are you *sure* your licensing information is correct, and if so, how is this person supposed to know that you're different from all the schmucks and schmuck corporations that just bogart images? If he uses an URL instead of copying the content, then the whole legal mess is your responsibility. > But instead of copying the file to *his* server, he just puts *my* > URL into the <img> tag. Now, when someone visits his page, his > server takes the hit for the HTML but *my* server supplies the > image. That's my bandwidth and, even though I get a certain amount > included in my montlhly allottment, it's not a *free* > resource. That's theft. AFAIK it's not. I can understand that you dislike it, but that doesn't make it theft. > > On every page that contains images, set a cookie with a short expiry > > (say 1 hour), and insist on the cookie before you give away an image. > > But the cookie is just a string which can be spoofed. Unless you set a > unique cookie per visitor, miscreants can still concoct an HTTP request > that mimics the fixed-value cookie to access the file. Unique is fine with me. (But I thought "short expiry" already implied that; I don't see how to have short-expiry cookies that are fixed-value.)
- Follow-Ups:
- Re: [tlug] detect fake HTTP referrer
- From: Joe Larabell
- Re: [tlug] detect fake HTTP referrer
- References:
- [tlug] detect fake HTTP referrer
- From: Nguyen Vu Hung
- Re: [tlug] detect fake HTTP referrer
- From: Attila Kinali
- Re: [tlug] detect fake HTTP referrer
- From: Nguyen Vu Hung
- Re: [tlug] detect fake HTTP referrer
- From: Joe Larabell
- Re: [tlug] detect fake HTTP referrer
- From: Stephen J. Turnbull
- Re: [tlug] detect fake HTTP referrer
- From: Joe Larabell
- [tlug] detect fake HTTP referrer
- Prev by Date: Re: [tlug] detect fake HTTP referrer
- Next by Date: Re: [tlug] detect fake HTTP referrer
- Previous by thread: Re: [tlug] detect fake HTTP referrer
- Next by thread: Re: [tlug] detect fake HTTP referrer
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |