perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Little" <d...@metrex.net>
Subject Re: Doing Authorization using mod_perl from a programmersperspective
Date Mon, 10 Dec 2001 23:20:38 GMT
From: "Jon Robison" <jon.robison@uniphied.com>

> What about sockets?  I am in the middle of trying to use $c =
> $r->connection and $c->remote_addr as part of the cookie name.  (So far
> I am having trouble with the fact that remote_addr returns packed info,
> and I am still searching for how to unpack it - if you know, tell me!).
>
> It's not 'foolproof', but how many casual cookie stealers can force
> their browser to use a particular socket?

How would this be effective? If multiple users are behind a firewall that
uses NAT, they will all have the same remote IP address. As for the remote
port, that changes from connection to connection so it's not possible to use
it as a reliable indicator either.


Mime
View raw message