[rt-users] Cookie problems with proxies

Bill Sommerfeld sommerfeld at orchard.arlington.ma.us
Fri Apr 7 11:36:13 EDT 2000


> Or put less of the IP in the cookie - mask it with a network mask. This
> was a recommended solution I saw somewhere - I can't remember if it is in
> the doco for CGI.pm, or in Apache documentation, or in a Lincoln Stein book
> I have...

There's no guarantee that all proxies a user may appear through will
be in the same block, or that you'll be able to guess an appropriately
wide netmask..

If you want security, don't trust the source IP address.. an attacker
trying to steal a session may be coming through the same proxy as the
victim... 

Instead, use SSL ..

						- Bill
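
Added example, not part of the original message and not RT's code: a sketch of a session cookie bound to a netmasked client address, checked against the two cases raised above (a user whose requests leave through proxies in different blocks, and a second party behind the same proxy). The HMAC cookie format, the key, the session id and the addresses are all constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

SECRET = b"constructed-demo-key"  # constructed value, not from RT


def masked_net(ip: str, prefix_len: int) -> str:
    """Return the network the address falls in for the given prefix length."""
    return str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))


def issue_cookie(session_id: str, client_ip: str, prefix_len: int) -> str:
    """Bind a session id to the masked client address with an HMAC tag."""
    msg = f"{session_id}|{masked_net(client_ip, prefix_len)}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{session_id}:{tag}"


def cookie_accepted(cookie: str, client_ip: str, prefix_len: int) -> bool:
    """Recompute the tag from the address the server sees on this request."""
    session_id, _, tag = cookie.partition(":")
    expected = issue_cookie(session_id, client_ip, prefix_len).partition(":")[2]
    return hmac.compare_digest(tag, expected)


# Constructed addresses from the RFC 5737 documentation ranges.
PROXY_A = "192.0.2.10"     # proxy the user logged in through
PROXY_B = "198.51.100.77"  # another proxy of the same provider, different block


def evaluate(prefix_len: int) -> dict:
    """Check both cases from the message for one choice of netmask."""
    cookie = issue_cookie("sess-1234", PROXY_A, prefix_len)
    return {
        # Legitimate user whose next request leaves through the other proxy.
        "user_via_other_proxy": cookie_accepted(cookie, PROXY_B, prefix_len),
        # Someone else presenting the cookie from behind the same proxy:
        # the server sees the proxy's address, so the binding cannot tell.
        "replay_via_same_proxy": cookie_accepted(cookie, PROXY_A, prefix_len),
    }


if __name__ == "__main__":
    for plen in (32, 24, 16, 8):
        print(f"/{plen}", evaluate(plen))
```

For every prefix length tried, the legitimate user is rejected and the same-proxy replay is accepted; widening the mask until the user is accepted only weakens the binding further, which is why the cookie needs to be protected in transit instead.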




