On 3 May 2011 10:54, Peter Hickman <[email protected]> wrote: >> Great way to annoy users "Thank you for providing correct credentials, >> but get lost anyway..." :-/ >> It would probably be nicer to deny on IP address first, that way you >> wouldn't expose your login forms on systems whose IP addresses you >> don't want logging in for whatever reason. > > Here you are assuming that there is only one set of users / ip > addresses and that all users are being validated by ip address.
Well... I'm assuming the situation from one use case (given the very limited info supplied to that point - "How to ... authenticate user from login based on their IP address?") > Given the situation that there are multiple users accessing from > multiple ip addresses It's always nice to get the info eked out in dribs and drabs... :-/ > how do you propose to authenticate someone based > on their ip address if you don't know who they are? Yup... given that situation, you don't have much choice (other than to have different login forms for different user types - and that would probably very quickly become the *worst* nightmare to manage) > Authentication is ENTIRELY edge cases :) double-yup! -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
