> Craig Vincent wrote:
> The best thing you can do is temporarily record the
> IPs of connections to your script, and then block IPs that connect to
> the script too often directly from your routing table.  It doesn't
> necessarily stop those using proxies but definately is more reliable
> than an HTTP_REFERER protection scheme.

If you are expecting to have a wide (uncontrolled) audience for the data
you are outputting I would strongly suggest against doing this as the
majority of major ISPs operate transparent web proxies - where everyone
from that ISP will appear to be coming from the same IP.
If I was a malitious user, I would get a block of 50 IPs, place them on a
unix box and then bind randomly to the IPs when making the calls... making
the work around for this security measure trivial.
Im not saying you shouldnt implement any method of security, as some
security is far better than none! Just making sure that everyone is aware
of the consequences and implications.

Dan Hardiker [[EMAIL PROTECTED]]
ADAM Software & Systems Engineer

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to