At 14.54 -0500 01-01-15, Tim Zickus poked the keyboard as follows:
>> Wow, I never thought of using the remote IP!  Thanks for the tip. I
>> am going to use it today for an authentication system I'm building.
>
>Please note that remote IP is NOT reliable.  For clients behind the proxies
>& gateways of large ISPs (AOL is the prime example) you can see the remote
>address bounce around from number to number, even within the same session,
>depending on which path the data takes.
>
Ach, oy vey! Then, having looked at AOL's info, it seems to me that 
perhaps one could build a function or class that could evaluate 
against a known list of alternate proxies. So, if the request came 
from 152.163.197, it would recognize that as an AOL proxy and just 
code the current proxy as "AOL" or something. Each subsequent request 
(from 152.163.* etc.) would go through the same filter.

Obviously, this means that the system could be vulnerable to being 
compromised by someone working through a large ISP such as AOL, but I 
think it's unlikely that people with the expertise to sniff cookies 
and such would be using AOL. And anyway, the system would still be 
more secure than if I weren't using IP verification at all.

Does anyone know of a class or function that's been already built 
to do this?

Kristofer
-- 
______________________________________

Kristofer Widholm
Web Pharmacy
[EMAIL PROTECTED]
191 Grand Street, Brooklyn  NY  11211
718.599.4893
______________________________________

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
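
A sketch of the filter described in the message above, as an added example that is not part of the original post or of any existing library. The function names are hypothetical, and the `152.163.0.0/16` range is an assumption taken from the "152.163.*" in the message, not a verified list of AOL proxy addresses.

```php
<?php
// Added example. The range below is an assumption taken from "152.163.*" in
// the message; it is not a verified list of AOL proxy addresses.
const PROXY_RANGES = [
    'AOL' => ['152.163.0.0/16'],
];

// True if the IPv4 address $ip falls inside $cidr (e.g. "152.163.0.0/16").
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2) + [1 => '32'];
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false
        || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // not IPv4, or malformed range
    }
    $mask = -1 << (32 - (int) $bits);
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Collapse every address in a known proxy pool to one label; all other
// clients keep their exact address as the key.
function network_key(string $ip, array $ranges = PROXY_RANGES): string
{
    foreach ($ranges as $label => $cidrs) {
        foreach ($cidrs as $cidr) {
            if (ip_in_cidr($ip, $cidr)) {
                return "proxy:$label";
            }
        }
    }
    return "ip:$ip";
}

// Compare the key stored at login with the key of the current request.
function session_origin_matches(string $storedKey, string $currentIp): bool
{
    return hash_equals($storedKey, network_key($currentIp));
}

// Constructed sample requests.
$stored = network_key('152.163.197.10');  // key recorded at login
var_dump(session_origin_matches($stored, '152.163.201.44')); // same pool, new proxy address
var_dump(session_origin_matches($stored, '203.0.113.7'));    // address outside the pool
```

Because every client in a listed range maps to the same key, the check distinguishes nothing among users of that ISP, so the session token itself still has to be unguessable and protected in transit.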
