But there is somehow a way to get it more secure. Basically a key/IP combination would be very secure, it's just not useable for all users. Therefore you need to allow multiple IPs for the same session key. After you see that a user from another IP request a session id, you prompt a login again, and after successfull login you allow both IPs to access this session ID. Every user then basically has to login for each IP he uses; but it could be done more tricky, so the whole subnet that those two IPs are in is allowed. The security risk would be, that any other user going though the same gateway can steal the session just by knowing the correct session id.
If the user is coming through proxies (as it IMHO normally is if you have several IPs for a session), you could even do more fancy stuff. Proxies should send an x-forwarded-for header, where they will add every IP that sent the request (can be multiple hosts). This way you could allow all those proxies for the session, but just for the same end IP (which should be the last IP from the x-forwarded-for field before any internal IP). Now we just have the security hole left, if someone is in control of those proxies, then he could steal the session from the original user.
IMHO this is really everything you can get out of it; you even get it a lot securer for proxied users. The only problem are LANs that use random NAT-Gateways, which IMHO aren't widely spread ??.
If you see anything more to make it secure, or if I'm totally wrong, I'm glad to hear !?
greets, Marcel Greter
-- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
