Re: [PEN-TEST] Your opinions are solicited ...
From: Frank Knobbe <FKnobbe () KNOBBEITS COM>
Date: Tue, 31 Oct 2000 11:02:53 -0600
From: Paul Robinson [mailto:paul () AKITANET CO UK]
Sent: Tuesday, October 31, 2000 9:59 AM
addition I'd probably do some session-authentication with
per transaction, combined with IP authentication.
IP authentication? In today's world of access through NATed firewall
or proxy servers, or providers like AOL, all in an Internet
environment increasingly becoming akamaied... uhm... cached, I
strongly doubt that IP authentication is viable. Take AOL users for
example: One request appears to be coming from proxy1.aol.com, the
next request from proxy3.aol.com. That would mean that your 'IP
authenticated' web page will invalidate the second request.
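
The failure described in the message above, as an added example that is not part of the original post: a session pinned to the login address is rejected as soon as the next request leaves through a different proxy, while a token-only check accepts it and can still report the address change for logging. The function names are hypothetical and the addresses are constructed from a documentation range.

```python
import secrets

SESSIONS = {}  # token -> session record (in-memory store, assumption for the demo)


def login(user, client_ip):
    """Create a session and remember the source address seen at login."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "login_ip": client_ip}
    return token


def check_ip_bound(token, client_ip):
    """'IP authenticated' policy: valid only from the address used at login."""
    session = SESSIONS.get(token)
    return session is not None and session["login_ip"] == client_ip


def check_token_only(token, client_ip):
    """Token decides validity; returns (valid, ip_changed).

    ip_changed is a signal for logging or step-up checks, not a rejection.
    """
    session = SESSIONS.get(token)
    if session is None:
        return (False, False)
    return (True, session["login_ip"] != client_ip)


def replay(source_ips):
    """Log in from the first address, then send one request per address."""
    token = login("alice", source_ips[0])
    bound = [check_ip_bound(token, ip) for ip in source_ips]
    loose = [check_token_only(token, ip) for ip in source_ips]
    return bound, loose


# Constructed sample: one user whose requests leave through a rotating
# proxy pool (stand-ins for proxy1 / proxy3 / proxy1 in the message).
PROXY_POOL = ["198.51.100.1", "198.51.100.3", "198.51.100.1"]

if __name__ == "__main__":
    bound, loose = replay(PROXY_POOL)
    for ip, b, (ok, changed) in zip(PROXY_POOL, bound, loose):
        print(f"{ip:15} ip-bound={b!s:5} token-only={ok!s:5} ip_changed={changed}")
```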