i wondering pros , cons of checking user-agent in php login script. find quite bit of conflicting information on internet , wonder if worthwhile using in event lister login script.
most people tell user agent can spoofed , provide no protection. however, given amount of people can spoof user agents versus cannot recommend still add user agent check.
beware if upgrade browser user agent may change.
do not rely solely on user agent validate session , not sacrifice other security measures able implement one. suggestion not spit out error code: "invalid user agent". make people trying site have figure out because way deter more people ever trying.
in conclusion: add it, don't rely on being sole security feature.
Comments
Post a Comment