WebApp Sec mailing list archives
RE: HTTP Authentication & Source IP Address
From: "Matt Petteys" <mpetteys () securestate net>
Date: Sat, 30 Nov 2002 11:37:59 -0500
HTTP requests from multiple individuals can come from a single IP address when being routed through a firewall or proxy. And HTTP requests from one individual can come from different IP addresses when connecting through a proxy network such as AOL's. http://webmaster.info.aol.com/proxyinfo.html If your application is targeted for a wide audience of users, then make sure you don't assume too much about the relationship between the originating IP address and the individual's session.
-----Original Message-----
From: James Wilkinson [mailto:james.wilkinson () jwit co uk]
Sent: Saturday, November 30, 2002 8:14 AM
To: Security Focus Forum
Subject: Re: HTTP Authentication & Source IP Address

Hi,

In the recent discussion on HTTP Authentication, it was said (by Bob Lee) that you can't tie the origin of the request (the IP address) to the session for reasons that have been discussed here time and time again.

For a recent joiner of this forum, where can I find this discussion, or could someone please re-iterate the reasons (yet again).

Thanks.

J.

James Wilkinson
James Wilkinson IT Ltd.
email: james.wilkinson () jwit co uk
Tel: 023 80456076
Mob: 07748 992874
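Added example, not part of the original posts: a small Python check that replays a constructed request log against a strict "session is bound to its first-seen IP" rule, showing both effects described in the reply above. The tokens, user names and addresses (documentation ranges) are assumptions made up for the illustration.

```python
from collections import defaultdict

# Constructed sample traffic, not real logs:
# (session token, actual individual, source IP as seen by the server)
REQUESTS = [
    ("tok-a", "alice", "192.0.2.10"),    # alice behind a rotating proxy pool
    ("tok-a", "alice", "192.0.2.11"),
    ("tok-a", "alice", "192.0.2.12"),
    ("tok-b", "bob",   "198.51.100.5"),  # bob and carol behind one firewall
    ("tok-c", "carol", "198.51.100.5"),
    ("tok-b", "bob",   "198.51.100.5"),
]


def strict_ip_binding(requests):
    """Bind each session to its first-seen IP; reject requests from any other IP."""
    bound = {}
    accepted, rejected = [], []
    for token, user, ip in requests:
        first_ip = bound.setdefault(token, ip)
        (accepted if ip == first_ip else rejected).append((token, user, ip))
    return accepted, rejected


def shared_addresses(requests):
    """Return {ip: sorted users} for addresses that carry more than one individual."""
    users = defaultdict(set)
    for _token, user, ip in requests:
        users[ip].add(user)
    return {ip: sorted(names) for ip, names in users.items() if len(names) > 1}


if __name__ == "__main__":
    accepted, rejected = strict_ip_binding(REQUESTS)
    # Legitimate requests dropped only because the proxy changed the address.
    for token, user, ip in rejected:
        print(f"rejected legitimate request: {user} {token} from {ip}")
    # Addresses where the IP check cannot tell one individual from another.
    for ip, names in shared_addresses(REQUESTS).items():
        print(f"{ip} is shared by: {', '.join(names)}")
```
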