> Craig Vincent wrote: > The best thing you can do is temporarily record the > IPs of connections to your script, and then block IPs that connect to > the script too often directly from your routing table. It doesn't > necessarily stop those using proxies but definately is more reliable > than an HTTP_REFERER protection scheme.
If you are expecting to have a wide (uncontrolled) audience for the data you are outputting I would strongly suggest against doing this as the majority of major ISPs operate transparent web proxies - where everyone from that ISP will appear to be coming from the same IP. If I was a malitious user, I would get a block of 50 IPs, place them on a unix box and then bind randomly to the IPs when making the calls... making the work around for this security measure trivial. Im not saying you shouldnt implement any method of security, as some security is far better than none! Just making sure that everyone is aware of the consequences and implications. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software & Systems Engineer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
