Dave Hodgkinson <[EMAIL PROTECTED]> wrote:
>
>Michael Peppler <[EMAIL PROTECTED]> writes:
>
>> Don't use the IP address. Some proxy systems have a non-static IP
>> address for requests coming from the same physical client (some of
>> AOLs proxies work that way, if I remember correctly...)
>
>"...or something..." ;-)
I've been trying to put together a ticket scheme for authentication here and
one of the issues is security and knowing someone else can't copy the ticket.
I went ahead and made the IP address an optional part of the ticket -- the
user can choose strong, medium, and weak security to include their IP, their
network, or no IP information at all. Might be something to consider --
default to something sane for some well-known networks like AOL.
--
James Smith <[EMAIL PROTECTED]>, 409-862-3725
Texas A&M CIS Operating Systems Group, Unix
