[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Bug w/ bugzilla and loadbalancing
From: Stephan Kulow <coolo () kde ! org>
Date: 2002-09-23 8:05:55
[Download RAW message or body]
Am Saturday 21 September 2002 01:31 schrieb Bradley Baetz:
> > My suggestion is: keep the IP in the cookie path, so you have to login
> > for any new IP, but never again as long as you have the cookie.
>
> But thats no security at all, because if you don't store the IP in the db,
> then the user can bypass the restrictions by chaning the cookie, and if
> you do store the IP in the db, then another user can bypass the IP
> restrictions by sniffing your connetion, and sending back that IP.
Who said I wouldn't want to store it in the DB? I just want to make the coo=
kie
path canonial to the IP requested.
Greetings, Stephan
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic