Greenguy's Board - View Single Post - New CCBill Admin

cd34 · 2009-04-12, 07:15 PM

The only real valid reason I can think for encoding the links is that a toolbar or proxy server doing a 'man in the middle' replacement, wouldn't be able to quickly determine the sponsor/site in order to do their replacement. A toolbar currently only needs to look for the CA code to know whether they have an account with that sponsor, and then can do a replacement on the PA part of the url.

With an encoded url, that sponsor/site/affiliate data is somewhat hidden from a quick automated replacement script making it much harder for a toolbar/proxy to replace that info on the fly.

Whether that toolbar is still as prevalent as it used to be is the issue, but, it does prevent the type of variable replacement attack that was being done with that toolbar.

2009-04-12, 07:15 PM	#60
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	The only real valid reason I can think for encoding the links is that a toolbar or proxy server doing a 'man in the middle' replacement, wouldn't be able to quickly determine the sponsor/site in order to do their replacement. A toolbar currently only needs to look for the CA code to know whether they have an account with that sponsor, and then can do a replacement on the PA part of the url. With an encoded url, that sponsor/site/affiliate data is somewhat hidden from a quick automated replacement script making it much harder for a toolbar/proxy to replace that info on the fly. Whether that toolbar is still as prevalent as it used to be is the issue, but, it does prevent the type of variable replacement attack that was being done with that toolbar. __________________ SnapReplay.com a different way to share photos - iPhone & Android