Home page logo
/

webappsec logo WebApp Sec mailing list archives

RE: Tying a session to an IP address
From: "Steve McCullough" <website () showmethesmut com>
Date: Mon, 10 May 2004 16:47:45 -0300

Hi all,

When I was mulling over this very problem not so very long ago, I came
across the following AOL page, which lists the proxies:
http://webmaster.info.aol.com/proxyinfo.html

From their description, it seems that both the proxy server used by the
client AND the client IP address are apt to change.

Steve
----
Steve McCullough
web_designer::venus_envy( www.venusenvy.ca )





-----Original Message-----
From: Adam Tuliper [mailto:amt () gecko-software com]
Sent: Monday, May 10, 2004 1:00 PM
To: Imperva Application Defense Center; Paul Johnston;
webappsec () securityfocus com
Subject: Re: Tying a session to an IP address


One item to not forget is AOL's "super proxies" could
 create a problem on a scheme where you need to
reauthenticate (provided the world is able to use your
application) if the ip address changes. They have multiple
proxy servers (however, their proxy ip lists are published
so this can be worked around, but... its still a point to
note)


---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]