Bug w/ bugzilla and loadbalancing
Stephan Kulow
coolo at kde.org
Mon Sep 23 09:05:55 BST 2002
On Saturday 21 September 2002 01:31, Bradley Baetz wrote:
> > My suggestion is: keep the IP in the cookie path, so you have to login
> > for any new IP, but never again as long as you have the cookie.
>
> But that's no security at all, because if you don't store the IP in the db,
> then the user can bypass the restrictions by changing the cookie, and if
> you do store the IP in the db, then another user can bypass the IP
> restrictions by sniffing your connection, and sending back that IP.
Who said I wouldn't want to store it in the DB? I just want to make the cookie
path canonical to the IP requested.
Greetings, Stephan