passwords to CGI

Paul Rubin phr-n2002b at NOSPAMnightsong.com
Thu Jan 16 04:08:03 CET 2003


Erik Max Francis <max at alcyone.com> writes:
> It should be easy enough to detect that case, even with a completely
> opaque session ticket.  The session ticket will map to a record about
> the session, and in that session record you'll know the IP address of
> the connecting host.  In the event that the ticket matches but the host
> doesn't, you're either catching a cheater or someone with a really
> stupid ISP firewall.

Firewalls that do that are not necessarily stupid.  Some are
programmed on purpose to switch IP addresses between, for privacy
reasons.




More information about the Python-list mailing list