Re: [Phplib-users] Basic authentication
From: Michael C. <mdc...@mi...> - 2002-02-02 19:07:46
On Fri, Feb 01, 2002 at 02:02:30PM -0500, Kevin Fredrick wrote:
> I would say that you use the IP address of the user coming from A to B
> and some secret known only to A and B to encrypt the data and append it
> to the URL.

Forget the IP address, a shared secret is fine if the encryption is good.

> When you get the forwarded link from A the users "should"
> still be using the same IP address.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Sorry to be so blunt, but this is absolutely wrong, and I want to save someone the time of going down this road only to have to redo their code when they find it doesn't work.

Many large ISPs, AOL among them, run all port 80 traffic through a proxy farm. The IP address of the request rarely remains consistent across page views. Here's an example of me surfing my site through AOL:

64.12.96.166 - - [02/Feb/2002:12:58:45 -0600] "GET /services.php3 HTTP/1.0" 200 5479
64.12.96.78 - - [02/Feb/2002:12:58:49 -0600] "GET /contact.php3 HTTP/1.0" 200 5822
64.12.96.103 - - [02/Feb/2002:13:01:12 -0600] "GET /aboutus.php3 HTTP/1.0" 200 6511

Name:    cache-mtc-ah01.proxy.aol.com
Address: 64.12.96.166

Name:    cache-mtc-ac09.proxy.aol.com
Address: 64.12.96.78

Name:    cache-mtc-af02.proxy.aol.com
Address: 64.12.96.103

Michael
--
Michael Darrin Chaney
mdc...@mi...
http://www.michaelchaney.com/
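Added example, not part of the original message or of PHPLib: a PHP version of the site A to site B handoff discussed above, checked against the three AOL proxy addresses from the log. It signs the data with HMAC-SHA256 instead of encrypting it (a substitution, so the user name stays readable in the URL); `SECRET`, `make_token`, `verify_token` and the token layout are assumptions made for illustration.

```php
<?php
// Shared secret known only to site A and site B (constructed demo value).
const SECRET = 'constructed-demo-secret-known-to-A-and-B';

function b64url(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Site A: sign user and expiry; optionally also bind the client IP into the MAC.
function make_token(string $user, int $expires, ?string $ip = null): string {
    $payload = b64url(json_encode(['u' => $user, 'exp' => $expires]));
    $mac = hash_hmac('sha256', $payload . '|' . ($ip ?? ''), SECRET);
    return $payload . '.' . $mac;
}

// Site B: recompute the MAC, compare in constant time, then check expiry.
// Returns the user name, or null if the token is rejected.
function verify_token(string $token, int $now, ?string $ip = null): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $payload . '|' . ($ip ?? ''), SECRET);
    if (!hash_equals($expected, $mac)) return null;
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['u'], $data['exp'])) return null;
    return $data['exp'] >= $now ? $data['u'] : null;
}

$now = time();
// Client addresses taken from the access log in the message above.
$ips = ['64.12.96.166', '64.12.96.78', '64.12.96.103'];
$bound = make_token('alice', $now + 300, $ips[0]); // IP-bound variant
$plain = make_token('alice', $now + 300);          // shared secret only

foreach ($ips as $ip) {
    printf("%-13s ip-bound=%-8s secret-only=%s\n", $ip,
        verify_token($bound, $now, $ip) ?? 'REJECTED',
        verify_token($plain, $now) ?? 'REJECTED');
}

// A short expiry limits replay of a copied URL without relying on the IP.
echo 'after expiry: ', verify_token($plain, $now + 301) ?? 'REJECTED', "\n";
// Any change to the signed payload invalidates the MAC.
echo 'tampered:     ', verify_token('x' . $plain, $now) ?? 'REJECTED', "\n";
```

The IP-bound token is accepted only for the first address and rejected for the same user's next two page views, while the secret-only token stays valid until it expires.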