If you are creating an application that communicates using TCP, but only want to take requests from the localhost, are there reasons why you would not want to check that the incoming request is from localhost and then trust it? This is in a Windows environment. Would IP spoofing work if the application was checking for the IP address 127.0.0.1? If so, how likely is it that IP spoofing would work today, in a corporate environment?
Thank you for any direction you can provide. _____________________________________________________________ Fight the power! BlazeMail.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------