Miguel Cruz wrote: > > I'd suggest ignoring IP altogether and focusing on other tactics. There > are just too many pitfalls in trusting IPs and too much user annoyance > possible from not trusting them.
Well, the way I made it admins get emailed each every time a user gets refused because of a bad IP, and they can decide to apply a control policy from 0 to 4 octets check. It seems fair to me: admins will be annoyed by emails just as much as users will be annoyed by their security policy. This should lead to some balance, in the long run :) Chances are most commercial sites will set the check IP rule to 0 but in case someone wants a strict check he can configure the system to do so. I guess this will fit everybody. And of course we do have all the other stuff, so even without IP checks the systems remain pretty secure. Thanks for helping Alberto Kiev -- @-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@ LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu? lOrD i'M sHiNiNg... YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE tHe TeSt, YeS iT iS ThE tEsT, yEs It Is tHe TeSt, YeS iT iS ThE tEsT, yEs It Is....... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php