tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Einfeldt <ralph.einfe...@uptime-isc.de>
Subject AW: HttpSession across virtual hosts
Date Thu, 08 Feb 2001 11:56:44 GMT
For any hacker it is quite easy to fake an IP address.

If you do something like that it's more likely that you
will punish several of your users, because everybody
who is connected through a call by call provider
can have several IP addresses during one session.

> -----Urspr√ľngliche Nachricht-----
> Von: David Oxley [mailto:dave@staffplanner.co.uk]
> Gesendet: Donnerstag, 8. Februar 2001 11:38
> An: tomcat-user@jakarta.apache.org
> Betreff: HttpSession across virtual hosts
<snip/>
> 2. If I save the remote ip address and check it during the 
> AttachSession, is
> that secure enough or can some hacker pretend to be the same 
> ip address?
<snip/>

Mime
View raw message