Posted by Sanders Kaufman on 11/01/07 18:38

"Michael Fesser" <netizen@gmx.de> wrote in message
news:dothi3luph8dk9r0p5ve6nna5dlvshrpt5@4ax.com...
> .oO(floortje)

>>AOL Proxy sends X-forwarded-for so there should be little trouble but
>>your point is still valid. I personally never had any complaints but
>>that sais little.
>
> Exactly. Not all proxies send that header, and there are many more ISPs
> or company networks that use proxies. Relying on the IP is a bad idea in
> general, simply because it's not unique to a particular visitor.

You *have* to rely on IP's in the identification process - this is the
INTERNET, for Christ's sake.
Beyond that, people who use proxy services like AOL and corporate intranets
do so to MASQUE their identity.

So counting on those folks to be who they say they are is nuts.

In my case, I also validate registrations through an initial email
confirmation.
Whenever someone registers through AOL, they almost always do so through a
temporary email account that AOL helps them set up specifically so that they
can masque their identity.

Unless hackers and half-wits are your target market (as is so often the
case) trying to code around AOL's weirdness is even worse than trying to
code around Internet Explorer's weirdnesses

[Back to original message]