Miguel Cruz wrote:
> I'd suggest ignoring IP altogether and focusing on other tactics. There 
> are just too many pitfalls in trusting IPs and too much user annoyance 
> possible from not trusting them.

Well, the way I made it admins get emailed each every time a user gets 
because of a bad IP, and they can decide to apply a control policy from 
0 to 4
octets check. It seems fair to me: admins will be annoyed by emails just as
much as users will be annoyed by their security policy. This should lead to
some balance, in the long run :)

Chances are most commercial sites will set the check IP rule to 0 but in 
case someone wants a strict check he can configure the system to do so. 
I guess this will fit everybody. And of course we do have all the other 
stuff, so even without IP checks the systems remain pretty secure.

Thanks for helping



LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is.......

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to