Bug w/ bugzilla and loadbalancing

Dirk Mueller mueller at kde.org
Fri Sep 20 00:44:17 BST 2002

On Don, 19 Sep 2002, Daniel Naber wrote:

> > But I feel unsafe in changing that. Could someone explain?
> http://bugzilla.mozilla.org/show_bug.cgi?id=20122
> So long actually that I didn't read it :-)

Read it. Basically it's just a security measure against a cookie stealing 

However, all of them are sick of this restriction. There are 3 suggestions, 
none of them currently implemented: 

a) make it check a "netmask" only. i.e. check the first 16 bits of the IP
   if they still match

b) add a "loosely login" checkbox that makes it ignore the IP check

c) make it use the HTTP_X_FORWARDED_FOR HTTP Header, which would fix the
   problem of a changing IP behind rotating Proxy servers. 

   Problem is here that often this header isn't there for privacy reasons
   or it contains a private IP address in case of NAT (Simon's case). 

   -> useless. 

IMHO reducing it to a class C netmask check would be the best thing to do. 
It is very unlikely that rotating proxy servers aren't in the same subnet 
for arp-proxying reasons. 

There is a patch for this case attached to the bug report but it doesn't seem 
to be optimal. At least not clean enough for committing it. 

Dirk (received 65 mails today)
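
The following Python example is added here and is not taken from the mail or from Bugzilla's code. It shows the prefix-based cookie IP check from suggestion a) and why the forwarded header in c) is often unusable; the function names, the IPv4-only handling and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: an X-Forwarded-For value inside these says nothing about
# the real client (the NAT case from the mail).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def same_prefix(login_ip, request_ip, prefix_len):
    """True if both IPv4 addresses share their first prefix_len bits."""
    net = ipaddress.ip_network(f"{login_ip}/{prefix_len}", strict=False)
    return ipaddress.ip_address(request_ip) in net

def forwarded_client(header):
    """First X-Forwarded-For hop, or None if missing, malformed or RFC 1918."""
    if not header:
        return None
    try:
        ip = ipaddress.ip_address(header.split(",")[0].strip())
    except ValueError:
        return None
    return None if any(ip in n for n in RFC1918) else str(ip)

def cookie_ip_ok(login_ip, remote_addr, prefix_len=32):
    """Login-cookie IP check; prefix_len=32 is the strict exact-match rule.

    A shorter prefix tolerates rotating proxies, but it also accepts the
    cookie from every other address in that network.
    """
    return same_prefix(login_ip, remote_addr, prefix_len)

# Constructed sample: one login, then requests arriving via rotating proxies.
LOGIN_IP = "192.0.2.10"
REQUESTS = ["192.0.2.10", "192.0.2.77", "192.0.3.5", "198.51.100.9"]

def evaluate(prefix_len):
    """Result of the check for each sample request at the given prefix."""
    return [cookie_ip_ok(LOGIN_IP, r, prefix_len) for r in REQUESTS]

if __name__ == "__main__":
    for bits in (32, 24, 16):
        print(bits, evaluate(bits))
    for hdr in (None, "10.0.0.5", "198.51.100.9, 10.0.0.1"):
        print(repr(hdr), "->", forwarded_client(hdr))
```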
