On 9/20/07, Deryck Hodge <[EMAIL PROTECTED]> wrote: > I completely agree you shouldn't use this middleware unless you know > and trust the proxy setup, but I can easily imagine (large corporate > networks) a situation where there could be multiple proxies. Seems to > me its better to be clear of the dangers in the docs rather than > trying to prevent someone using this with multiple proxies.
No. With the patch applied, the Middleware is *secure* for people who trust in _one_ reverse proxy. Without it, the Middleware is *insecure* for anybody who uses it. The use case for reverse proxy users who want to have a *reliable* remote address is not even hard: is impossible. No documentation can fix it. -- Leo Soto M. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---