Re: IP validation


 



Bimal Pouldel wrote:

> In one of my projects for IntraNet, I am using PHP to identify
> the client's IP, because I have availed the access privileges
> using the IP.
>
> But there is yet a serious problem: if somebody tries to change
> the IP of his/her computer, how should I detect at the server
> that the client's IP was not as intended?
>
> Here is my simple logic normally:
>
> validateIP('download');
>    // A page is protected and the
>    // client's IP requires "download"
>    // privileges available in the database.
>
> function validateIP($service)
> {
>     global $db; // assumes $db is a global database handle
>     $ip=$_SERVER['REMOTE_ADDR'];
>     $dbresult=$db->query('SELECT service from SERVICES where ip="'.$ip.'"');
>
>     $serviceFlag=$db->nextRecord();
>     if($serviceFlag['service']!=1) {
>         // kill the page()
>     } else {
>         // grant access to the page
>     }
> } // validateIP()
>
>
> Now, how should I find the $_SERVER['REMOTE_ADDR'] if it is not
> coming from the real computer/client?
>
> Help me, so that I can kick off the hackers to my intranet.
>
> Thanks.
>
>
>
>
> =====
> Bimal Poudel
> (Information Management)
> Kathmandu, Nepal
>
> http://fakenepal.tripod.com
>
You are quite right in not relying on the "$_SERVER['REMOTE_ADDR']" 
value as it can be spoofed by sending raw HTTP header information.
The only secure way around this is probably by using SSL and certificates 
but I haven't done that - yet!
Does anyone have any other ideas or an example of SSL connections?
I'm sure a lot of us could use it!

Andrew Clark
Dorset, England
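
The certificate approach mentioned in the reply, as an added example that is not part of the original thread: the page is granted on a TLS client certificate the web server has already verified, with the address kept only as a second check. It assumes Apache mod_ssl configured with `SSLVerifyClient require` and `SSLOptions +StdEnvVars`; the function name `clientMayUse`, the privilege table and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes Apache mod_ssl with
// "SSLVerifyClient require" and "SSLOptions +StdEnvVars", so the server
// has checked the client certificate against the intranet CA before PHP runs.

// Hypothetical privilege table keyed by certificate CN (constructed data;
// in the original post this information lives in the SERVICES table).
$privileges = [
    'ws-accounts-01' => ['net' => '10.0.5.', 'services' => ['download']],
    'ws-library-02'  => ['net' => '10.0.7.', 'services' => []],
];

function clientMayUse(string $service, array $server, array $privileges): bool
{
    // mod_ssl reports SUCCESS only for a certificate that chained to the
    // configured CA; NONE, GENEROUS and FAILED:<reason> are all refused.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return false;
    }
    $cn = $server['SSL_CLIENT_S_DN_CN'] ?? '';
    if (!isset($privileges[$cn])) {
        return false;
    }
    // REMOTE_ADDR is the peer address of the TCP connection as the web
    // server sees it; here it only narrows where a certificate may be used.
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    if ($ip === false || strpos($ip, $privileges[$cn]['net']) !== 0) {
        return false;
    }
    return in_array($service, $privileges[$cn]['services'], true);
}

// Constructed requests standing in for $_SERVER.
$samples = [
    'valid cert, right subnet' => ['SSL_CLIENT_VERIFY' => 'SUCCESS',
        'SSL_CLIENT_S_DN_CN' => 'ws-accounts-01', 'REMOTE_ADDR' => '10.0.5.12'],
    'valid cert, wrong subnet' => ['SSL_CLIENT_VERIFY' => 'SUCCESS',
        'SSL_CLIENT_S_DN_CN' => 'ws-accounts-01', 'REMOTE_ADDR' => '10.0.50.12'],
    'valid cert, no privilege' => ['SSL_CLIENT_VERIFY' => 'SUCCESS',
        'SSL_CLIENT_S_DN_CN' => 'ws-library-02', 'REMOTE_ADDR' => '10.0.7.3'],
    'right address, no cert'   => ['SSL_CLIENT_VERIFY' => 'NONE',
        'REMOTE_ADDR' => '10.0.5.12'],
];
foreach ($samples as $label => $server) {
    $ok = clientMayUse('download', $server, $privileges);
    printf("%-26s %s\n", $label, $ok ? 'grant' : 'deny');
}
```

On a live page the call would be `clientMayUse('download', $_SERVER, $privileges)`, with the table loaded from the database rather than an array.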


