[TurboGears] Re: ip address in visit?

[Jeff Watkins]

As Patrick pointed out, the IP address is too prone to spoofing to add any extra security. Were Identity to rely on IP address in any way, everyone from AOL or Earthlink would stand a good chance of *appearing* to have the same IP address (thanks to NAT). No. A unique cookie handed out at the beginning of the visit should be sufficient. If you can hijack that, you can also hijack my IP address. On 3 Feb, 2006, at 8:01 pm, Alberto Valverde wrote: I guess the identity framework could check against this too for extra security, but that's another story... -- Jeff Watkins http://newburyportion.com/ "Advertising directed at children is inherently deceptive and exploits children under eight years of age." -- American Academy of Pediatrics