Bug w/ bugzilla and loadbalancing
mueller at kde.org
Fri Sep 20 00:44:17 BST 2002
On Thu, 19 Sep 2002, Daniel Naber wrote:
> > But I feel unsafe in changing that. Could someone explain?
> So long actually that I didn't read it :-)
Read it. Basically it's just a security measure against a cookie stealing
However, all of them are sick of this restriction. There are 3 suggestions,
none of them currently implemented:
a) make it check a "netmask" only. i.e. check the first 16 bits of the IP
if they still match
b) add a "loosely login" checkbox that makes it ignore the IP check
c) make it use the HTTP_X_FORWARDED_FOR HTTP Header, which would fix the
problem of a changing IP behind rotating Proxy servers.
Problem is here that often this header isn't there for privacy reasons
or it contains a private IP address in case of NAT (Simon's case).
IMHO reducing it to a class C netmask check would be the best thing to do.
It is very unlikely that rotating proxy servers aren't in the same subnet
for arp-proxying reasons.
There is a patch for this case attached to the bug report but it doesn't seem
to be optimal. At least not clean enough for committing it.
Dirk (received 65 mails today)
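
The netmask check from suggestion (a) and the header handling from suggestion (c), sketched as an added example; this is not Bugzilla's code and not the patch attached to the bug report. The function names, the /24 default and the sample addresses are assumptions made for illustration, and the header value is client-supplied unless a proxy you control sets it.

```python
import ipaddress

# RFC 1918 ranges: what a NATed client's proxy may put into X-Forwarded-For.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def same_prefix(login_ip, current_ip, prefix_len=24):
    """Suggestion (a): True if both addresses share the first prefix_len bits."""
    a = ipaddress.ip_address(login_ip)
    b = ipaddress.ip_address(current_ip)
    if a.version != b.version:
        return False
    return b in ipaddress.ip_network(f"{a}/{prefix_len}", strict=False)


def usable_forwarded_for(header):
    """Suggestion (c): first X-Forwarded-For entry, or None when the header
    is absent, unparsable, or carries a private (NAT) address."""
    if not header:
        return None
    try:
        ip = ipaddress.ip_address(header.split(",")[0].strip())
    except ValueError:
        return None
    if any(ip in net for net in RFC1918):
        return None
    return str(ip)


def session_matches(login_ip, remote_addr, xff=None, prefix_len=24):
    """Compare the address stored at login with the current request.
    Falls back to the TCP peer address when the header is unusable."""
    current = usable_forwarded_for(xff) or remote_addr
    return same_prefix(login_ip, current, prefix_len)


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges).
    print(same_prefix("192.0.2.10", "192.0.2.200"))      # same /24
    print(same_prefix("192.0.2.10", "192.0.3.5"))        # /24 differs
    print(same_prefix("192.0.2.10", "192.0.3.5", 16))    # first 16 bits match
    print(session_matches("198.51.100.7", "203.0.113.1", "192.168.1.5"))
```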