|
|
Posted by Jerry Stuckle on 06/13/07 15:44
max.schulze@googlemail.com wrote:
> On Jun 12, 11:05 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> howa wrote:
>>>> And what do you do when the IP address can change with every request -
>>>> for instance, AOL users and some corporations?
>>> Hi,
>>> You made a very good point, never thought of IP address can change
>>> with every request...
>>> How about only rely on the first 3 part, e.g. 202.92.94.xxx (drop the
>>> last part) ?
>> No guarantee there, either - although I don't see why it should change,
>> you're also losing a main security feature. Just figure that IP
>> addresses are not reliable security indicators.
>>
>> --
>> ==================
>> Remove the "x" from my email address
>> Jerry Stuckle
>> JDS Computer Training Corp.
>> jstuck...@attglobal.net
>> ==================
>
> Maybe you can do that with AJAX
> What about chaning the session_id on every request?
>
> Or check if 2 Users with the same ip are logged in?
>
Ajax requires javascript be enabled. And in a small corporation with a
single firewall/proxy, all users will have the same ip address.
IP addresses are not reliable at any time other than when responding to
the immediate request.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|