Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 70807 invoked from network); 28 Jan 2009 13:43:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Jan 2009 13:43:17 -0000 Received: (qmail 93374 invoked by uid 500); 28 Jan 2009 13:43:05 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 93354 invoked by uid 500); 28 Jan 2009 13:43:05 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 93345 invoked by uid 99); 28 Jan 2009 13:43:05 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Jan 2009 05:43:05 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of mearns.b@gmail.com designates 209.85.132.244 as permitted sender) Received: from [209.85.132.244] (HELO an-out-0708.google.com) (209.85.132.244) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Jan 2009 13:42:57 +0000 Received: by an-out-0708.google.com with SMTP id d14so1322914and.39 for ; Wed, 28 Jan 2009 05:42:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=1wBiBjURdRHpb8FcM/8nipvHQopWapVaZPQ9ngKfZvc=; b=JQczKQq6FoGqfliVye2h+i4ETR4J3u4SRXd7BEQQIW5/EGW0Ua0fttBUmHIK3QSD15 Bj+o6sae9jD25dOWrcnGeVCjgzduwWgh7IfLEMp5xpOoI6Q2WJo2pE+9L+Sjx6boDCtd 69prpa0PmfaLKmcVihF0ZSPgQN5MChdh6eY7w= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=onVj2BUhVQEQ5I/2VqTv7ZxIS4YYgV3taOWXT/lUcCsw7Ywl8+UYUf0QYKByMrP5Mr ZBpz15k+HTsOnQ5gTOViqav6rRyB6dIzh2WX/kd/d6lPItD8vjGt9ep5urCr9ZUqn8TE +dRoRPHzinws1xRP++wDDVcOaV41PeDaX2C5Y= MIME-Version: 1.0 Received: by 10.65.234.18 with SMTP id l18mr2855345qbr.22.1233150156329; Wed, 28 Jan 2009 05:42:36 -0800 (PST) In-Reply-To: <49804D02.3070908@ice-sa.com> References: <4df3a1330901270526j6c566468l66f9e960c8e1b496@mail.gmail.com> <4df3a1330901270702r55e84664rd1ebb7a0ae791937@mail.gmail.com> <20090127183542.1451212f@grimnir> <1233082149.20501.253.camel@mattlaptop2.local> <4df3a1330901271116w6de8362el3bd273d6b4e605cf@mail.gmail.com> <20090127193542.7cd0de35@grimnir> <4df3a1330901271137g9e82ddal9ade24ac40326f2@mail.gmail.com> <497F75D3.8010507@ice-sa.com> <3BBAC469-0DDB-47C9-9A57-98D45FAC5AD3@webthing.com> <49804D02.3070908@ice-sa.com> Date: Wed, 28 Jan 2009 08:42:36 -0500 Message-ID: <4df3a1330901280542s69ab6079ofef989fe05d2fab8@mail.gmail.com> From: Brian Mearns To: users@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] IP-address spoofing a concern? On Wed, Jan 28, 2009 at 7:18 AM, Andr=E9 Warnier wrote: > Anyway, the OP did not sound like he was talking about an access to Fort > Knox, although you never know.. Oh shoot! Now you've blown my cover! =3DJ Man in the middle is what it is, I'm not really that concerned about it because I'm not dealing with anything too critical. I just want to provide some fairly robust security for a handful of users. I've got a lot to work with from this conversation, which is good. Ultimately, I'm going to leave it up to users whether or not they want to connect with HTTPS, and make it clear that this is the only way to really secure the session and data. Thanks again, -Brian --=20 Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org