Re: [PHP] Re: Security, Late Nights and Overall Paranoia — PHP

You are here: Re: [PHP] Re: Security, Late Nights and Overall Paranoia « PHP « IT news, forums, messages

Posted by "Richard Lynch" on 07/11/05 04:46

On Fri, July 8, 2005 11:25 am, Ezra Nugroho said:
>
> Here is one security measure that you HAVE to do if you allow people to
> submit contents to your site.
>
> 1. track client's IP.
> 2. Associate sensitive cookies with the IP, if they don't match, ignore
> it or invalidate the cookie.
>
> We may not stop the information redirection.
> We can make the information invalid.

NO!!!

IP is *USELESS* as identification!

AOL users change IP more often than drummers change their underwear.

EVERY user working at IBM is gonna have the *same* IP address.

You will only break your site for legitimate users, and not make anything
useful to stop Bad Guys.

--
Like Music?
http://l-i-e.com/artists.htm

Navigation:

Next in forum: Re: [PHP] Re: Register globals and ini_set
Prev in forum: RE: [PHP] back slashes
Thread view: Re: [PHP] Re: Security, Late Nights and Overall Paranoia

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация