Miguel Cruz wrote:
>
> I'd suggest ignoring IP altogether and focusing on other tactics. There
> are just too many pitfalls in trusting IPs and too much user annoyance
> possible from not trusting them.
Well, the way I made it admins get emailed each every time a user gets
refused
because of a bad IP, and they can decide to apply a control policy from
0 to 4
octets check. It seems fair to me: admins will be annoyed by emails just as
much as users will be annoyed by their security policy. This should lead to
some balance, in the long run :)
Chances are most commercial sites will set the check IP rule to 0 but in
case someone wants a strict check he can configure the system to do so.
I guess this will fit everybody. And of course we do have all the other
stuff, so even without IP checks the systems remain pretty secure.
Thanks for helping
Alberto
Kiev
--
@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@
LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is.......
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
