good chemistry is complicated, and a little bit messy -LW |
|
PerlMonks |
Re: Re: Web based password management (or how *not* to blame tye)by mattriff (Chaplain) |
on Mar 24, 2002 at 21:24 UTC ( [id://153940]=note: print w/replies, xml ) | Need Help?? |
In my experience, yes you do. :) I worked on a web application that started by comparing whole IP addresses on each access, and we started to have quite a few reports of people behind proxy pools having a problem. Backing up a bit and only checking to see if the IP is in the same /16 or /24 (checking the first two or three numbers, that is) helps, although it doesn't eliminate the problem entirely (and it really weakens the effectiveness of the test). Checking IPs can be useful in some situations, but for large-scale applications where the "general public" will be connecting to your interface, I wouldn't recommend it. - Matt Riffle
In Section
Meditations
|
|