On Thursday 04 July 2002 09:09, Chris Shiflett wrote:

> As a caveat to Mr. Serra's suggestion, remember that there are *many*
> users who will go through an IP masquerading gateway or proxy, so their
> IP may fluctuate, even though they are actively browsing. For this
> reason, it is often necessary to tolerate some fluctuation in the IP
> address, perhaps only in the last octet though.

This can be self-defeating in that an attacker in the same network segment as 
the user is probably in the best position to sniff and hijack the session 
that you're trying to protect. Allowing this leeway makes the attacker's job 
much easier!

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
"Life, loathe it or ignore it, you can't like it."
                -- Marvin, "Hitchhiker's Guide to the Galaxy"
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
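
The trade-off discussed in this thread, as an added example that is not part of either poster's message: a PHP check that binds a session to the client IPv4 address with a configurable prefix length, run under an exact-match policy and a last-octet-tolerant one. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```php
<?php
// Added illustration; function names and sample addresses are constructed.

// True when two IPv4 addresses agree in their first $prefixBits bits.
function ip_matches(string $stored, string $current, int $prefixBits): bool
{
    $a = ip2long($stored);
    $b = ip2long($current);
    if ($a === false || $b === false || $prefixBits < 0 || $prefixBits > 32) {
        return false;                       // fail closed on malformed input
    }
    if ($prefixBits === 0) {
        return true;                        // no bits compared
    }
    $mask = -1 << (32 - $prefixBits);       // e.g. 24 -> ...FFFFFF00
    return ($a & $mask) === ($b & $mask);
}

// Bind the session to the first address seen, then compare on later requests.
// In an application $session would be $_SESSION and $remoteAddr
// $_SERVER['REMOTE_ADDR'] (assumed wiring, not shown on the page).
function check_session_ip(array &$session, string $remoteAddr, int $prefixBits): bool
{
    if (!isset($session['ip'])) {
        $session['ip'] = $remoteAddr;
        return true;
    }
    return ip_matches($session['ip'], $remoteAddr, $prefixBits);
}

// Constructed requests, all presenting the same session ID.
$requests = [
    '192.0.2.10'   => 'user, first request',
    '192.0.2.44'   => 'same user via another proxy in the pool',
    '192.0.2.200'  => 'different host on the same segment',
    '198.51.100.7' => 'host on an unrelated network',
];

foreach ([32 => 'exact match', 24 => 'last octet ignored'] as $bits => $label) {
    $session = [];
    echo "Policy /$bits ($label)\n";
    foreach ($requests as $ip => $who) {
        $ok = check_session_ip($session, $ip, $bits);
        printf("  %-13s %-42s %s\n", $ip, $who, $ok ? 'accepted' : 'rejected');
    }
}
```

Under /24 the check accepts the proxy change and the neighbouring host alike; under /32 it rejects both, so the address comparison alone cannot tell the two cases apart.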
