Uhhhh. CGI.REFERER will give you the last page the user visited. You must mean
CGI.REMOTE_ADDR.
Also, what if 2 ppl are behind a firewall and use the same IP as their proxy server?
Finally, CF server does exactly this, using CFID and CFTOKEN, so what are you really
accomplishing by reinventing the wheel?
my $0.02
-d
---------- Original Message ----------------------------------
From: Graham Wood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 05 Sep 2001 16:09:36 +0100
Hi,
I am currently trying to develop a secure application using fusebox and
wondered if anyone can see any security problems with the following idea.
User logs in using a secure connection; on successful login the user's IP is
logged using CGI.REFERER and then the user is allocated a unique session
number (details stored in database). Each link throughout the site passes
back to the server the session number which then compares the IP of the
requesting client to the IP of the user who logged in originally and was
allocated this session number.
I am sure there are lots of ways to achieve the same goal; I just wondered
if there are any holes in this design.
Thanks
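Added example, not part of either message and not ColdFusion code: a Python model of the session-number-plus-IP check described in the original message (taking the address from REMOTE_ADDR, as the reply points out), run against the shared-proxy case the reply raises. The class and function names, the in-memory dict standing in for the database, and the addresses are assumptions constructed for illustration.

```python
import secrets
from collections import namedtuple

# 'sender' is ground truth for this demo only; the server never sees it.
Request = namedtuple("Request", "sender session_number remote_addr")


class SessionStore:
    """In-memory stand-in for the database table of session numbers."""

    def __init__(self):
        self._sessions = {}  # session number -> (username, IP seen at login)

    def login(self, username, remote_addr):
        # 128 bits from the OS CSPRNG, so the number cannot be guessed.
        session_number = secrets.token_hex(16)
        self._sessions[session_number] = (username, remote_addr)
        return session_number

    def check(self, req):
        """Return the logged-in username, or None if the request is rejected."""
        record = self._sessions.get(req.session_number)
        if record is None:
            return None  # unknown session number
        username, login_ip = record
        if req.remote_addr != login_ip:
            return None  # address differs from the one recorded at login
        return username  # note: req.sender plays no part in the decision


def demo():
    # Constructed documentation-range addresses (RFC 5737).
    proxy_ip, other_ip = "203.0.113.10", "198.51.100.7"
    store = SessionStore()
    number = store.login("alice", proxy_ip)
    return {
        "owner": store.check(Request("alice", number, proxy_ip)),
        # A second client behind the same proxy presents the same number:
        # the server sees an identical (number, address) pair and accepts it.
        "same_proxy": store.check(Request("bob", number, proxy_ip)),
        "other_address": store.check(Request("bob", number, other_ip)),
        "unknown_number": store.check(Request("bob", "0" * 32, proxy_ip)),
    }


if __name__ == "__main__":
    for case, user in demo().items():
        print(f"{case:15} -> {user}")
```

The "same_proxy" result shows that behind a shared address the IP comparison adds nothing, so the secrecy and unpredictability of the session number carry the whole check.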