IP verification happens immediately. Somewhat like TCP wrappers and
hosts.allow/hosts.deny
Basically our security works this way:
1) Check for IP on ACL
2) Match IP to Reseller account
3) Crypt Authentication and build SSL layer based on CRYPT_KEY
:)
Charles Daminato
OpenSRS Product Manager
Tucows Inc. - [EMAIL PROTECTED]
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Guennadi Moukine
> Sent: June 4, 2001 2:12 AM
> To: [EMAIL PROTECTED]
> Subject: IP verification
>
>
> At which point does OpenSRS verifies that the call comes from an
> authorized IP?
> Is it at the beginning of the session when checking domain dame
> availability or when choosing a password or during the last
> "register" action?
> I need to know because one of my pages is executed by my payment gateway
> provider (HTTP call). I need to know if I need to specify their
> IP as well
> in the list of authorized IPs.
> Does it make sense?
>
> Thanks,
> Guennadi M
>
