[TurboGears] Re: ip address in visit?
The only thing I'd point out is that you didn't check whether your extension was enabled in `start_extension`. I updated the the tutorial to make that check. Thanks.
[TurboGears] Re: ip address in visit?
As Patrick pointed out, the IP address is too prone to spoofing to add any extra security. Were Identity to rely on IP address in any way, everyone from AOL or Earthlink would stand a good chance of *appearing* to have the same IP address (thanks to NAT).No. A unique cookie handed out at the beginning of the visit should be sufficient. If you can hijack that, you can also hijack my IP address.On 3 Feb, 2006, at 8:01 pm, Alberto Valverde wrote:I guess the identity framework could check against this too for extra security, but that's another story... --Jeff Watkinshttp://newburyportion.com/"Advertising directed at children is inherently deceptive and exploits children under eight years of age."-- American Academy of Pediatrics
[TurboGears] Re: ip address in visit?
For the most part, I *like* tracking lots of information about my visitors. I'm just that kind of guy. I'm currently working on an article or two about using Visit tracking to perform collaborative filtering. IP-based location could certainly factor into that.But I'm never certain how much should go into the main visit table.On 4 Feb, 2006, at 10:43 am, Jeff Grimmett wrote:On 2/3/06, rick [EMAIL PROTECTED] wrote: Shouldnt the visit table store the IP Address of the visit as well? So+1I've been doing that here from before visit was part of the app. My main interest in doing it was sorting out troublesome IP addresses that kept hitting 404 because they were trying various known ruses to get control of my PC. Someone that tries once or twice and moves on, no problem, but repeated visits - I'm sending an [EMAIL PROTECTED] email.-- "I never gave anybody hell. I just told the truth and the Republicans thought it was hell." - Harry S. Truman.Best,Jeff --Jeff Watkinshttp://newburyportion.com/"Computers are like Old Testament gods; lots of rules and no mercy."-- Joseph Campbell
[TurboGears] Re: ip address in visit?
The only thing I'd point out is that you didn't check whether your extension was enabled in `start_extension`. Otherwise, it looks good. On 4 Feb, 2006, at 7:02 am, Patrick Lewis wrote: Funny you mention the plugins. This thread made me think a bit about how to implement ip tracking as a plugin. I wrote up a little tutorial on how to do this: http://trac.turbogears.org/turbogears/wiki/ExtendingVisitFramework Jeff, if you wouldn't mind looking this over to see if I've missed anything, I would appreciate it. -- Jeff Watkins http://newburyportion.com/ Just because you have the right to do something, doesn't mean it's the right thing to do. -- Fred Friendly, former president of CBS News
[TurboGears] Re: ip address in visit?
+1 I guess the identity framework could check against this too for extra security, but that's another story... Alberto. On 04/02/2006, at 0:40, rick wrote: Shouldnt the visit table store the IP Address of the visit as well? So we can check from where the user last logged in. This would be helpful for auditing purposes. As well as quasi-geographic plotting (in case the webmaster had that particular bug up their sleeve) If this is a wanted item i will submit a patch.
[TurboGears] Re: ip address in visit?
I agree.. if you compare the cookie against the ip address in the database you can prevent session hijacking