Re: Re: Can $_SERVER['REMOTE_ADDR'] be trusted?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Lester Caine wrote:
Sed wrote:

Is it possible for hackers to give a fake IP address when visiting a website
running PHP?


I want to allow certain IP addresses have access to a website (other IP
addresses not), is it possible for someone (e.g. hacker) to give fake IP
address? If so, how is the website returned to this someone?

If you have any reference or links on this, please send me!


If you know the addresses you want to allow access, then it will be reasonably safe, since the hacker would have to have the same list, and if they have inside information, they are probably already hacking you by some other route. Almost anything can be faked if they want to, but they have to know WHAT to fake ;)

I would not rely on IP addresses being secret. There are ways to find out IP addresses that belong to an organization, and try the whole range. For example just by receiving an email. And second, most attacks come from insiders, they have the info and far greater possibilities.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux