Re: Can $_SERVER['REMOTE_ADDR'] be trusted?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sed wrote:

Is it possible for hackers to give a fake IP address when visiting a website
running PHP?

I want to allow certain IP addresses have access to a website (other IP
addresses not), is it possible for someone (e.g. hacker) to give fake IP
address? If so, how is the website returned to this someone?

If you have any reference or links on this, please send me!

If you know the addresses you want to allow access, then it will be reasonably safe, since the hacker would have to have the same list, and if they have inside information, they are probably already hacking you by some other route. Almost anything can be faked if they want to, but they have to know WHAT to fake ;)


If you want to authenticate users and log their IP address, then forget it. Since most IP addresses are dynamic and the same user could have a different address each time.

--
Lester Caine
-----------------------------
L.S.Caine Electronic Services

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux