Dan Muey wrote:
> Howdy,
>
> I realize that $ENV{'REMOTE_HOST'} and $ENV{'REMOTE_ADDR'} are handled
> differently and can be spoofed so don't worry I'm not basing any
> security on them.
I'm no security expert, but how can these be spoofed? They don't come from
the request headers, but are deriv
Dan Muey wrote:
> > Dan Muey wrote:
> > > Howdy,
> > >
> > > I realize that $ENV{'REMOTE_HOST'} and $ENV{'REMOTE_ADDR'} are
> > > handled differently and can be spoofed so don't worry I'm not
> > > basing any security on them.
> >
> > I'm no security expert, but how can these be spoofed? They
> >
I think what I'll do is just log $ENV{'REMOTE_HOST'} and $ENV{'REMOTE_USER'}
into a mysql database so I can review that info to watch for abusers.
Since they are logging in that will help verify most everybody and if a
user wants to give out his login info to other folks then just watching my li
> Dan Muey wrote:
> > Howdy,
> >
> > I realize that $ENV{'REMOTE_HOST'} and $ENV{'REMOTE_ADDR'}
> are handled
> > differently and can be spoofed so don't worry I'm not basing any
> > security on them.
>
> I'm no security expert, but how can these be spoofed? They
> don't come from the reques
> Dan Muey wrote:
> > > Dan Muey wrote:
> > > > Howdy,
> > > >
> > > > I realize that $ENV{'REMOTE_HOST'} and $ENV{'REMOTE_ADDR'} are
> > > > handled differently and can be spoofed so don't worry I'm not
> > > > basing any security on them.
> > >
> > > I'm no security expert, but how can these
