So security is fake in large NATted networks?

2010/11/25 Niphlod <[email protected]>:
> still there are no counter-indication....
> a session sticks to one single ip.
> users of LAN (me and my brother) "hidden" by NAT, users of large WANs
> like Fastweb in Italy (and quite everyone in China, I believe) show
> themselves to the webserver with the same IP address in the same
> session.
> As long as web2py doesn't bother if two different users have the same
> IP, checking that the session cookie "comes" from the same address is
> safer than the actual implementation and doesn't break anything.
> I don't know if China's ISP and other privacy software, like Tor, can
> change the IP address over a session.... in that case this
> implementation will break things.
> Still, I think that if the default "check" of "remember me 30 days"
> saves the cookie for 30 days, probably I'll get to insert username and
> password at least every day.... here in Italy if you turn down the
> connection (or the router), you get a different IP address.
> For me it's not a problem, but probably some people think differently.
>
> Niphlod
>
>
> On 25 Nov, 17:55, Kuba Kucharski <[email protected]> wrote:
>> @massimo
>>
>> this sounds good, although stealing credentials/intercepting
>> communication is most probable in the networks hidden over NAT - hence
>> in this case it will not work.
>>
>> --
>> Kuba
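
The check discussed in this thread, as an added illustration that is not web2py's code: a minimal session store that pins each session to the IP seen at login. The class, function names and addresses are constructed for the example; it shows that two clients behind one NAT egress are indistinguishable to the check, while a client whose ISP reassigns its address is logged out.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    user: str
    bound_ip: str  # client IP recorded at login


class IpBoundSessionStore:
    """Constructed example store: session id -> Session, pinned to one IP."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, client_ip: str) -> str:
        # Fresh random id on every login, bound to the address that logged in.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, client_ip)
        return sid

    def validate(self, sid: str, client_ip: str) -> Optional[str]:
        """Return the user for a valid (sid, ip) pair, else None."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if s.bound_ip != client_ip:
            # Address changed since login: the cookie is rejected. This is the
            # "roaming" user case raised in the thread (new IP after reconnect).
            return None
        return s.user


def demo() -> tuple:
    store = IpBoundSessionStore()
    nat_egress = "203.0.113.7"  # constructed: shared public IP of a NATted LAN
    sid = store.login("alice", nat_egress)
    # A second host behind the same NAT presents the same source IP, so the
    # check cannot tell it apart from the original client: no gain inside NAT.
    same_nat = store.validate(sid, nat_egress)
    # A legitimate user whose ISP hands out a new address is logged out instead.
    new_address = store.validate(sid, "198.51.100.9")
    return same_nat, new_address
```

Binding a session to the source IP is therefore a coarse mitigation only: it narrows who can reuse a cookie to clients sharing that egress, and trades availability for users whose address changes.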

