Hello "Dan Hardiker" <[EMAIL PROTECTED]>,

Then, it is not safe to do IP-based blocking, right? Any alternative?

On Thu, 16 May 2002 10:10:44 +0100 (BST)
"Dan Hardiker" <[EMAIL PROTECTED]> wrote:

> > Craig Vincent wrote:
> > The best thing you can do is temporarily record the
> > IPs of connections to your script, and then block IPs that connect to
> > the script too often directly from your routing table.  It doesn't
> > necessarily stop those using proxies but definitely is more reliable
> > than an HTTP_REFERER protection scheme.
> If you are expecting to have a wide (uncontrolled) audience for the data
> you are outputting I would strongly suggest against doing this as the
> majority of major ISPs operate transparent web proxies - where everyone
> from that ISP will appear to be coming from the same IP.
> If I was a malicious user, I would get a block of 50 IPs, place them on a
> unix box and then bind randomly to the IPs when making the calls... making
> the workaround for this security measure trivial.
> I'm not saying you shouldn't implement any method of security, as some
> security is far better than none! Just making sure that everyone is aware
> of the consequences and implications.
> -- 
> Dan Hardiker [[EMAIL PROTECTED]]
> ADAM Software & Systems Engineer
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

Patrick Hsieh <[EMAIL PROTECTED]>
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg
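
Added example, not part of the original messages: a per-IP sliding-window limiter of the kind suggested in the quoted text, replayed over constructed traffic to measure the two failure modes raised in the reply (many users behind one transparent proxy address, and one client spread over many addresses). The window, limit, labels and addresses (RFC 5737 documentation ranges) are assumptions chosen for illustration.

```php
<?php
// Constructed demo: a per-IP sliding-window limiter replayed over sample traffic.
const WINDOW_SECONDS = 60; // assumed window length
const MAX_HITS = 10;       // assumed per-IP limit inside one window

// Records the hit and returns true if $ip is still under the limit at $now.
function allow_request(array &$state, string $ip, int $now): bool
{
    // Keep only timestamps that are still inside the window.
    $hits = array_values(array_filter(
        $state[$ip] ?? [],
        fn($t) => $t > $now - WINDOW_SECONDS
    ));
    $allowed = count($hits) < MAX_HITS;
    if ($allowed) {
        $hits[] = $now;
    }
    $state[$ip] = $hits;
    return $allowed;
}

// Replays [time, ip, label] events and counts denied requests per label.
function replay(array $events): array
{
    $state = [];
    $denied = [];
    foreach ($events as [$t, $ip, $label]) {
        $denied[$label] = $denied[$label] ?? 0;
        if (!allow_request($state, $ip, $t)) {
            $denied[$label]++;
        }
    }
    return $denied;
}

$events = [];
// 30 different ISP customers, one request each, all seen as one proxy address.
for ($i = 0; $i < 30; $i++) {
    $events[] = [$i * 2, '192.0.2.10', 'isp-users'];
}
// One scripted client, 50 requests, each from a different source address.
for ($i = 0; $i < 50; $i++) {
    $events[] = [$i, '198.51.100.' . ($i + 1), 'scripted-client'];
}
usort($events, fn($a, $b) => $a[0] <=> $b[0]);

foreach (replay($events) as $label => $count) {
    printf("%s: %d requests denied\n", $label, $count);
}
```

Replaying your own access logs through the same function before enforcing a limit shows how many distinct legitimate users share each address that would be blocked.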
