http://advice.networkice.com/Advice/Underground/Hacking/Methods/Technical/Sp
oofing/default.htm
-----Original Message-----
From: Robert Everland III [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 18, 2001 6:36 PM
To: CF-Talk
Subject: RE: How secure are cgi variables
I'm just trying to figure out how it can be done. Can anyone say how ip
spoofing could actually be done, wouldn't that be pretty darn complicated to
do?
Bob
-----Original Message-----
From: Jon Hall [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 18, 2001 8:20 PM
To: CF-Talk
Subject: Re: How secure are cgi variables
Are you working on some kind of IP based security? While cgi.remote_addr is
generated by the server, ip address spoofing is not hard, so any ip based
security will not keep out a resourcful hacker.
jon
----- Original Message -----
From: "Robert Everland III" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, April 18, 2001 7:10 PM
Subject: How secure are cgi variables
> I am playing around with cgi variables to see how secure they are.
> What I want to know is there anyway to change say the remote_addr or
> is that getting the ip address from somewhere else. I tried changing
> it to see how good my security is on a site I am coding and it
> wouldn't not change the remote_addr at all (I am using HTTP and
> httpparam to do this). Anyone have any insight into this?
>
>
> Bob Everland
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
