Marcus Börger wrote: > I do not think having your cookie beeing part of dns is > a fast solution or did you your self register many of > these entrie before you brought > your page up because than i get me a dns server download your > possible cookielist (then it is a download :-) ) and and do a > little easy > hacking.
i think you are missing here the possibility of wildcard A records such as * IN A 86400 w.x.y.z Such a record in your zone will match each and any host. See http://gugelhupfdiwupf.lernnetz.de for an application that utilizes this. Wildcard-A's are especially useful in conjunction with mod_vhost, if your are not using them for session ids. Also, there is no such list to download. There is just the above line in your zone. > And of cause you do not use IP adresses if so you could not > distinguish > between usesers sitting behind a firewall in an intranet. > Cookie - yes you need not with that solution. If I am informed correctly, one of the claim in the SevenVal Patent essentially covers Wildcard-A's. Technically, this cannot be granted, as Google easily finds prior application of Wildcard-A's that dates back to the late 80ies. Yet, it is still an unchallenged claim and therefore a reaily before the law. The essential "new" idea that SevenVal wants to protect is the combination of two standard ideas of Wildcard-A's and secure md5 session ids, thus the patent - reality of patent law today. Kristian -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
