Search Postgresql Archives

Re: Password safe web application with postgre

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Steve Crawford wrote:
You can make some modest security improvements by storing things such as the browser identification and IP address in the session data and verifying it on each request but IP verification fails if the user is behind a proxy like AOL's where each request may come from a different IP.
It'll also break with IPv6 Privacy Extensions (RFC3041), especially with fairly short connection keepalive intervals.
With Windows Vista supporting IPv6 and enabling it by default that's a significant concern. Its resolver doesn't appear to prefer IPv6 despite early documentation indicating that it would (eg: http://kame.org will prefer IPv4 to IPv6 on Vista) so it's not an urgent issue, but it bears thinking about.
It's great that PostgreSQL supports IPv6 so well, by the way. It provides me with transparent access to databases on my testing workstation from many of the networks I use day to day. 

--
Craig Ringer
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux