Re: [securityfilter-devel] New feature proposal: IP address fixing
From: Christopher S. <ch...@ch...> - 2008-03-13 23:58:43
All,

Christopher Schultz wrote:
| I'm considering adding another feature to the 2.x version of
| securityfilter. Let me know what you think.
|
| Some web sites allow you to enable "IP address checking" or something
| sounding like that. Basically, your session will be tied to your IP
| address for extra security. That way, even if someone can guess your
| session id and submit it along with a request, they can't hijack your
| session.

After implementing this, I'm starting to think that maybe it would be better to implement it separately (say, as a completely separate Filter).

First, it's entirely orthogonal to both authentication and authorization (which is what sf is really for). Second, it requires additional processing of every request, which results in a (small) performance hit. Even offering this as an optional feature requires checking a flag for whether we should perform the check, etc. Honestly, I think this kind of pollutes sf.

The only reason I was even considering it was because it sort of goes along with authorization, but in a completely different way.

I'm not entirely objecting to inclusion in the project... I just think it should probably be put into a separate Filter that can be configured completely separately from the main sf Filter.

Any thoughts?

Thanks,
-chris
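
One way the separate Filter proposed above could look, as an added example that is not part of the original post or of securityfilter's code. The class name `SessionAddressFilter` and the session attribute name are hypothetical, and the standard `javax.servlet` API is assumed.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical stand-alone filter: ties each HttpSession to the first address seen for it. */
public class SessionAddressFilter implements Filter {
    // Hypothetical attribute name, not a securityfilter constant.
    static final String BOUND_ADDR = SessionAddressFilter.class.getName() + ".boundAddress";

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, res);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) req;
        // getRemoteAddr() is the peer address: behind a reverse proxy it is the proxy's.
        String current = request.getRemoteAddr();
        HttpSession session = request.getSession(false); // never create a session here
        if (session != null) {
            String bound = (String) session.getAttribute(BOUND_ADDR);
            if (bound != null && !bound.equals(current)) {
                // Reject this request only; invalidating the session here would let
                // anyone who guesses a session id log its owner out.
                ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, res);
        // Bind after the chain too, so a session created by this very request
        // (for example at login) is tied to the address that created it.
        bind(request.getSession(false), current);
    }

    public void destroy() { }

    private static void bind(HttpSession session, String addr) {
        if (session == null) return;
        try {
            if (session.getAttribute(BOUND_ADDR) == null) {
                session.setAttribute(BOUND_ADDR, addr);
            }
        } catch (IllegalStateException e) {
            // Session was invalidated between lookup and bind; nothing to tie.
        }
    }
}
```

A legitimate client whose address changes mid-session gets 403 until that session expires or its cookie is discarded, which is the cost of not invalidating on mismatch.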