hmmm... for those of us really in the know...
spoofing doesn't let an invalid user get access to sensitive data on your
site.
if someone is spoofing a valid ip address, the return packets will travel to
the spoofed ip address, not to the 'real' ip address of the spoofer. so,
even though they have a 'valid' ip address, they still can't see anything.
mike
on 9/6/01 1:31 AM, Tom Carter at [EMAIL PROTECTED] wrote:
> Just to bring that point up again.... for those in the know, IP addresses
> are easy to spoof, in other words make it appear that it comes from
> elsewhere. If your system contains sensitive or confidential data then I
> would suggest you do both - username/password and IP
-- mike cullerton
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
