Bug w/ bugzilla and loadbalancing

Stephan Kulow coolo at kde.org
Mon Sep 23 09:05:55 BST 2002


On Saturday 21 September 2002 01:31, Bradley Baetz wrote:
> > My suggestion is: keep the IP in the cookie path, so you have to login
> > for any new IP, but never again as long as you have the cookie.
>
> But that's no security at all, because if you don't store the IP in the db,
> then the user can bypass the restrictions by changing the cookie, and if
> you do store the IP in the db, then another user can bypass the IP
> restrictions by sniffing your connection, and sending back that IP.
Who said I wouldn't want to store it in the DB? I just want to make the cookie
path canonical to the IP requested.

Greetings, Stephan





More information about the kde-core-devel mailing list