[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Bug w/ bugzilla and loadbalancing
From:       Stephan Kulow <coolo () kde ! org>
Date:       2002-09-23 8:05:55
[Download RAW message or body]

Am Saturday 21 September 2002 01:31 schrieb Bradley Baetz:
> > My suggestion is: keep the IP in the cookie path, so you have to login
> > for any new IP, but never again as long as you have the cookie.
>
> But thats no security at all, because if you don't store the IP in the db,
> then the user can bypass the restrictions by chaning the cookie, and if
> you do store the IP in the db, then another user can bypass the IP
> restrictions by sniffing your connetion, and sending back that IP.
Who said I wouldn't want to store it in the DB? I just want to make the coo=
kie
path canonial to the IP requested.

Greetings, Stephan

[prev in list] [next in list] [prev in thread] [next in thread]