Hrvoje Habjanić writes:

On Wednesday 05 July 2006 12:46, Sam Varshavchik wrote:
Roberto Polli writes:
> At 20:35 on Tuesday 4 July 2006, you wrote:
>> persuading MrSam that it should be done...Patches to pass the remote IP
>> address have been ... rejected in the past;
>
> do you know why that patch was rejected?

Because I've yet to see a logical explanation why authlib needs to know
this.  authlib's purpose is to verify account passwords.  That's it.  The
client's IP address is completely and totally irrelevant as far as the
answer to the following question: is the password valid?

True.

BUT there then should be some kind of mechanism to limit/deny a specific user based on IP address (and maybe some other criteria).

If you start chasing every kind of marginal situation that someone dreams up, things will quickly spiral downhill.

I happen to have some knowledge of things that go on inside the corporate networks of 800 lb. corporate gorillas. Literally billions of dollars in financial transactions move every day. Now, I can tell you that one of the things they do NOT do, as far as remote access from employees, is have some kind of stupid IP-based restrictions.


_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
