|
|
Posted by Michael Fesser on 11/01/07 19:04
..oO(Sanders Kaufman)
>"Michael Fesser" <netizen@gmx.de> wrote in message
>news:dothi3luph8dk9r0p5ve6nna5dlvshrpt5@4ax.com...
>
>> Exactly. Not all proxies send that header, and there are many more ISPs
>> or company networks that use proxies. Relying on the IP is a bad idea in
>> general, simply because it's not unique to a particular visitor.
>
>You *have* to rely on IP's in the identification process
A single user can have a dozen IPs and a dozen users can have the same
IP. What do you want to identify there?
> - this is the
>INTERNET, for Christ's sake.
Yes. And?
>Beyond that, people who use proxy services like AOL and corporate intranets
>do so to MASQUE their identity.
>
>So counting on those folks to be who they say they are is nuts.
Who cares? Let them be whoever they want to be. And saying that all
those people behind proxies only want to hide their identity is quite
rude. Sometimes they don't have any choice if there's a transparent
proxy on the line.
>In my case, I also validate registrations through an initial email
>confirmation.
That's a completely different issue. For things like a newsletter
subscription such a double-opt-in might also be be required by law in
some countries.
>Whenever someone registers through AOL, they almost always do so through a
>temporary email account that AOL helps them set up specifically so that they
>can masque their identity.
>
>Unless hackers and half-wits are your target market (as is so often the
>case) trying to code around AOL's weirdness is even worse than trying to
>code around Internet Explorer's weirdnesses
I don't code around anything. I simply don't rely on completely
unreliable things like the user's IP or the referrer header.
Micha
Navigation:
[Reply to this message]
|