At 09:31 2014-05-27, [email protected] wrote:
On 2014-05-27 12:17, Gene Wirchenko wrote:
At 08:12 2014-05-27, [email protected] wrote:
I'm wondering how to identify the user's IP address so we can
apply tighter security. (MySQL allows you to restrict access by IP address.)
How do you get the person's true IP (and not just the internal
network IP)? Do you do a TraceRt and someone glean it from that?
What do you mean by "true IP"?
An internal network IP address is a genuine IP address. If such
a user can access the rest of the Internet, there will be an
outward-facing IP address (belonging to a router not the user) which
is used along with a port number (which changes for each Website
session), and this is tracked by the router. One of the names for
this is "IP masquerading".
I meant when the guy hits the web database, what is his IP? I
wanted to capture that in my VFP app so as to know where he's
coming from. I can configure the MySQL database to only accept
certain IP addresses---that's the motivation here...to increase security.
OK, but there is a risk here. The IP address is not his; it is
the one that he is using. Suppose the following:
Bob's computer has an internal network IP address of 10.1.1.1.
Sue's computer has an internal network IP address of 10.2.2.2.
Bob's and Sue's computers, when they go to the rest of the
Internet go through a router which has the outward-facing IP address
of 1.2.3.4.
If Bob accesses your site, you will see the IP address
1.2.3.4. If Sue accesses your site, you will also see the IP address 1.2.3.4.
This might be good enough for you to simply allow or disallow.
BUT...
If Bob is to be allowed and Sue not, this will not work as you
can not differentiate between Bob and Sue by IP address alone.
If you try to use the IP address to identify someone in some
way, then you can get trouble. Even if you use it to set defaults,
you will be mixing up Bob and Sue.
Some ISPs reassign IP addresses when your router connects after
rebooting the router.
You can disallow addresses for a block of users (basically by
ISP), but you can not reliably go any finer.
Sincerely,
Gene Wirchenko
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
