Michael Dinowitz wrote:
>>>checking amount of attempts per IP - ip can be forged
>>
>>I'm not sure what you mean by this. If an HTTP request is coming from my
>
> There's connection and reported connection IP. I remember back in the days there
> was a security bug in CFHTTP where you could 'control' the IP that was reported
> in the CGI vars.

CFHTTP acts as the client; the reporting of the remote_addr is
done by the server. So at best it displayed a bug in some server
implementation, it was not a generic mechanism to fake addresses.

Jochem
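
The distinction drawn in this reply, as an added example that is not part of the original message: a server that counts attempts per IP keyed on the peer address of the accepted connection (the value reported as remote_addr), while the client sends a different address in each request. The header name `X-Claimed-Ip` and the sample addresses are hypothetical, constructed for this example.

```python
import http.client
import socketserver
import threading
from collections import Counter
from http.server import BaseHTTPRequestHandler

# Constructed sample values (documentation range), sent by the client as a header.
CLAIMED_IPS = ["203.0.113.7", "203.0.113.8", "203.0.113.9"]


class Handler(BaseHTTPRequestHandler):
    attempts = Counter()  # per-IP attempt counter, keyed on the socket peer

    def do_GET(self):
        # client_address comes from the accepted TCP connection; this is the
        # value a CGI environment reports as REMOTE_ADDR.
        remote_addr = self.client_address[0]
        # Header content is whatever the client chose to send; not used as a key.
        _claimed = self.headers.get("X-Claimed-Ip", "")  # hypothetical header
        Handler.attempts[remote_addr] += 1
        self.send_response(204)
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass


def count_attempts():
    """Send one request per claimed address; return the server's counters."""
    Handler.attempts.clear()
    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        for ip in CLAIMED_IPS:
            conn = http.client.HTTPConnection(*server.server_address, timeout=5)
            conn.request("GET", "/", headers={"X-Claimed-Ip": ip})
            conn.getresponse().read()
            conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return dict(Handler.attempts)


if __name__ == "__main__":
    print(count_attempts())
```

All three requests land in one bucket for the loopback peer, because the counter never reads the client-supplied header.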