It's actually easier and better to check the IP first.  This is a simple
TCP wrapper type application and requires very little in the way of system
resources.  If we authenticated for each unknown query, it is expensive
for the system to do that THEN check IP.

Our sequence is as follows:

1) IP ACL
2) Username matches IP ACL (more than one OpenSRS Reseller could be on the
same IP, virtually hosted, whatever)
3) Username/Crypt key authentication

We find this to be clean, simple, and effective.

Charles Daminato
TUCOWS Product Manager
[EMAIL PROTECTED]

On Sat, 13 Oct 2001, erol M wrote:

> Now that I think about it, yes, this makes complete sense!
> Lemme check and see what the exact sequence of events here is; but I think
> you are correct. As you would have to send the username along before the
> SRS system could allow or deny your IP ( READ: We need to know who you are
> before we kick you out or let you in :)
>
> On Sat, 13 Oct 2001, robin balen wrote:
>
> > Wouldn't it make more sense to let someone enter their username and
> > password, check those, *then* see if the IP address that they are
> > connecting from is allowed for *that* account?!
> >
> > > You'll get kicked off right away before any of the
> > > authentication if the IP is not in the OpenSRS system. The IP
> > > is the first line of checks when you connect to SRS, and then
> > > comes the authentication and the handshakes etc etc....
> >
>
> ---------------------------------------
> -erol M
> Life is the sieve through which my anarchy strains
>
>
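
The three-step sequence from the message at the top of this thread, sketched as an added example (not OpenSRS code and not part of the original thread). The reseller names, addresses and keys are constructed, and HMAC-SHA256 over a server challenge is an assumed stand-in for the username/key step, which the thread does not detail.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data: documentation-range addresses, made-up resellers.
ACL = {
    "reseller_a": ["192.0.2.10/32"],
    # reseller_b is virtually hosted on the same IP as reseller_a.
    "reseller_b": ["192.0.2.10/32", "198.51.100.0/28"],
}
KEYS = {"reseller_a": b"constructed-key-a", "reseller_b": b"constructed-key-b"}


def sign(key, challenge):
    """Assumed stand-in for the key step: HMAC-SHA256 over a server challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Gate:
    def __init__(self, acl, keys):
        self.acl = {user: [ipaddress.ip_network(n) for n in nets]
                    for user, nets in acl.items()}
        self.keys = keys
        self.key_checks = 0  # counts how often the costly step 3 actually ran

    def _allowed(self, ip, nets):
        return any(ip in net for net in nets)

    def check(self, peer_ip, username, challenge, response):
        ip = ipaddress.ip_address(peer_ip)
        # 1) IP ACL: uses only the socket peer address, no credentials parsed.
        if not any(self._allowed(ip, nets) for nets in self.acl.values()):
            return "reject:ip"
        # 2) The username must be one of the accounts bound to this IP.
        if not self._allowed(ip, self.acl.get(username, [])):
            return "reject:user-ip"
        # 3) Username/key authentication, reached only by ACL-listed peers.
        self.key_checks += 1
        key = self.keys.get(username)
        if key is None or not hmac.compare_digest(sign(key, challenge), response):
            return "reject:key"
        return "accept"
```

The `key_checks` counter stays at zero for peers rejected at steps 1 and 2, even when they present a valid key, which is the resource argument made in the message.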
