-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Paul Robinson [mailto:paul_at_AKITANET.CO.UK]
> Sent: Tuesday, October 31, 2000 9:59 AM
>
> [...]
> In
> addition I'd probably do some session-authentication with
> changing cookies
> per transaction, combined with IP authentication.
> [...]
IP authentication? In today's world or access through NATed firewall
or proxy servers, or providers like AOL, all in an Internet
environment increasingly becoming akamaied... uhm... cached, I
strongly doubt that IP authentication is viable. Take AOL users for
example: One request appears to be coming from proxy1.aol.com, the
next request from proxy3.aol.com. That would mean that your 'IP
authenticated' web page will invalidate the second request.
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.
iQA/AwUBOf77PURKym0LjhFcEQJnqACfdAodtrCcF3p8EcR8Mv3nL5bkYWsAnjN0
t2o4wmVDlPG83vgB+wMxHQtb
=YBqC
-----END PGP SIGNATURE-----
Received on Nov 01 2000
Intro
