On Fri, July 8, 2005 11:25 am, Ezra Nugroho said:
>
> Here is one security measure that you HAVE to do if you allow people to
> submit contents to your site.
>
> 1. track client's IP.
> 2. Associate sensitive cookies with the IP, if they don't match, ignore
> it or invalidate the cookie.
>
> We may not stop the information redirection.
> We can make the information invalid.

NO!!!

IP is *USELESS* as identification!

AOL users change IP more often than drummers change their underwear.

EVERY user working at IBM is gonna have the *same* IP address.

You will only break your site for legitimate users, and not make anything
useful to stop Bad Guys.

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
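
The two cases raised in the reply (a user whose IP changes between requests, and many users sharing one address) replayed through the proposed IP-binding check, as an added PHP example that is not part of the original thread. The function name, cookie values, user names and addresses are all constructed for illustration.

```php
<?php
// Added example: replays constructed requests through the IP-binding rule
// proposed in the quoted message. All names and values are hypothetical;
// addresses come from the RFC 5737 documentation ranges.

// The proposed check: accept the cookie only from the IP it was issued to.
function ip_bound_cookie_ok(array $issued, string $cookie, string $ip): bool
{
    return isset($issued[$cookie]) && $issued[$cookie] === $ip;
}

// Cookie => IP recorded at login (constructed).
$issued = [
    'cookie-alice' => '192.0.2.10',   // home user behind a rotating proxy pool
    'cookie-bob'   => '203.0.113.7',  // office user behind one corporate NAT
];

// Which user each cookie really belongs to (constructed).
$owner = ['cookie-alice' => 'alice', 'cookie-bob' => 'bob'];

// Constructed request log: [actual sender, cookie presented, source IP].
$requests = [
    ['alice',   'cookie-alice', '192.0.2.10'],
    ['alice',   'cookie-alice', '192.0.2.11'],    // proxy pool picked another exit
    ['alice',   'cookie-alice', '192.0.2.12'],
    ['bob',     'cookie-bob',   '203.0.113.7'],
    ['mallory', 'cookie-bob',   '203.0.113.7'],   // same office NAT, cookie not hers
    ['mallory', 'cookie-alice', '198.51.100.99'], // unrelated network
];

$tally = ['legit_ok' => 0, 'legit_rejected' => 0, 'thief_ok' => 0, 'thief_rejected' => 0];

foreach ($requests as [$sender, $cookie, $ip]) {
    $legit = ($owner[$cookie] === $sender);
    $ok    = ip_bound_cookie_ok($issued, $cookie, $ip);
    // Bucket the outcome by who sent the request and what the check decided.
    $tally[($legit ? 'legit' : 'thief') . ($ok ? '_ok' : '_rejected')]++;
    printf("%-8s %-13s %-14s %s\n", $sender, $cookie, $ip, $ok ? 'accepted' : 'rejected');
}

print_r($tally);
```

On this constructed log the check rejects two of the four legitimate requests and accepts the one request that reuses another user's cookie from behind the shared address.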