> > checking amount of attempts per IP - ip can be forged
>
> I'm not sure what you mean by this. If an HTTP request is coming from my

There's connection and reported connection IP. I remember back in the days there
was a security bug in CFHTTP where you could 'control' the IP that was reported
in the CGI vars.

> > checking amount of attempts per UN - scheduled attempt
>
> This is probably the most common way that people handle this problem, to the
> extent that they bother with it at all.

That's what I expected.

> > or multiple UN tries hidden communications key in stream -
> > can be 'seen' (combined with SSL might work)
>
> I'm not exactly sure what you mean by this, or why SSL would make any

If someone is watching the TCP/IP traffic and decoding it, SSL will hide it (to
a point). Having a var passed from the app to the web service as an
authentication var would be just an extra level of security but is really
security through obscurity. Something that people just can't see, but once
known, is useless.
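
An added example, not part of the original thread: a sliding-window counter of failed logins keyed on both the username and the connection's peer address, which never consults an address reported by the client. The thresholds, the request dict layout and all names are assumptions made for illustration.

```python
import time
from collections import deque

class LoginThrottle:
    """Counts recent login failures per username and per peer address."""

    def __init__(self, max_failures=5, window=300):
        self.max_failures = max_failures  # assumed threshold
        self.window = window              # assumed window, in seconds
        self._failures = {}               # key -> deque of failure timestamps

    def _recent(self, key, now):
        q = self._failures.get(key)
        if q is None:
            return 0
        # Drop failures that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        return len(q)

    def is_blocked(self, username, peer_ip, now=None):
        now = time.time() if now is None else now
        return (self._recent(("user", username.lower()), now) >= self.max_failures
                or self._recent(("ip", peer_ip), now) >= self.max_failures)

    def record_failure(self, username, peer_ip, now=None):
        now = time.time() if now is None else now
        for key in (("user", username.lower()), ("ip", peer_ip)):
            self._failures.setdefault(key, deque()).append(now)


def throttle_ip(request):
    """Return the address to throttle on.

    `request` is a constructed dict: "peer" is the address of the TCP
    connection as seen by the server, "headers" holds whatever the client
    sent. Only the peer address is used; a reported address in a header
    is under the sender's control.
    """
    return request["peer"]
```

Call `is_blocked` before checking the password and `record_failure` after a failed check. The per-username counter still trips when the attempts arrive from many different addresses.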

