I can pull up some posts sent to a closed list from a few years back where there
was an issue with CFHTTP. Seems that you could forge what would show up in the
CGI vars using it. That 'feature' was yanked really fast.
There are 2 different things here. The first is the reported information and the
second is the 'true' information. The reported information (i.e. coming from the
external client) can never be trusted as it can be forged. The 'true'
information is usually true except when it's not. Sometimes it's easy to forge the
'true' information and sometimes not.


> But surely that's email only - not web pages?
>
>
>
> -----Original Message-----
> From: Michael Dinowitz [mailto:[EMAIL PROTECTED]
> Sent: Friday, 3 October 2003 2:49 p.m.
> To: CF-Talk
> Subject: Re: security flaw in web services
>
>
>
> You can fake the reported IP. I had mentioned this as a possible spam thing and
> I've actually seen it in the wild with spam from 2 different places.
>
> > > checking amount of attempts per IP - ip can be forged
> >
> > You can't fake an IP and expect TCP/IP to work.
> >
> > Jochem
>
>
>