On 5/21/08, Carl Vondrick <[EMAIL PROTECTED]> wrote: > > I may be wrong, but I think the problem is that on a shared host, > the IP address will be 127.0.0.1 when accessing a site on the same > machine. > > I feel like jumping in here. I believe that the IP address will be the external IP of the server, since the DNS lookup on the domain example.org(in your scenario) points to that external IP address, even though it originates from the same computer. I don't have a DNS server handy to try this out, however, so perhaps someone who does can test this and let the rest of the list know?
In another related point, I think it's unlikely for a hacker to register a hosting account for the sole purpose of hacking a symfony dev controller. Yes, it could happen, but the programmers who leave the dev controllers on the prod servers are generally writing smaller apps, and the payoff is unlikely high enough to go through the hassle of paying for a hosting account and prevent that from being tracked back to the hacker. Don't get me wrong, if that scenario works, I think we still need to figure out a way to prevent that from happening, but as it is the new system would still be more secure than previously. --Colin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
