Hi,
Can we define the IP restrictor interface to
handle this? In future we may have other requirements
based for example date. We can change the IP
restrictor to address this.
What do you think?
Thanks,
Rana Bhattacharyya
--- Niklas Gustavsson <[EMAIL PROTECTED]> wrote:
> Tony Zhou wrote:
> > Dear Niklas Gustavsson:
> >
> > One question here, shouldn't the check for max
> connections per IP be
> >> independent on the user ID? I'm thinking of this
> limit as a measure for
> >> inhibiting users trying to get around the max
> conns per user limit by
> >> using multiple user names. In the current shape,
> what would be the use
> >> case for the limit?
> >
> > Here is my opinion: The user account level login
> limits for IP address is a
> > more finegrained access control than the pure IP
> address login limits. Here
> > is a scenario for this: The ftp welcomes the
> upload activities while limits
> > the download activities. Two accounts: upload
> (unlimited login), and
> > download (1 login) are created. In this case, the
> account level access
> > control will do the job while the IP only solution
> cannot deal with it.
> >
> > Although the end user may bypass this limit by
> using mulitple user names,
> > the precondition is that the system has multiple
> accounts, and the user
> > knows their passwords. Normally this will not
> happen easily at all.
> > Meanwhile, the global connection limit, together
> with the ip restrictor,
> > can
> > partially prevent the mal-behavior user's attack
> towards the server.
>
> Thanks. After some thought I also think this can be
> beneficial in
> limiting a user from using programs that allow for
> multiple concurrent
> transfers by using multiple sessions.
>
> I have taken a closer look at the patch and made
> some minor adjustments,
> unless someone else finds some flaws I'll commit it
> tonight. Thanks for
> your work, and always feel free to write up
> additional patches in the
> future!
>
> /niklas
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
